WhatsApp belongs to Facebook – and therefore, one of the largest data collectors on the planet. Reason enough to take a look at data protection.
WhatsApp is popular: around 2 billion people around the world use Messenger. Alternatives such as Telegram or Threema have significantly more potential but came too late: WhatsApp has now established itself as a quasi-successor to the good, old SMS. There is nothing wrong with this, but users should look at the data protection issue from time to time before or during use.
What data does WhatsApp transfer?
Basically: WhatsApp stores data that users entrust to the service. In addition to the chats themselves, these include photos, videos and, of course, profile data such as the profile picture and the content specified there.
Photos and videos are only cached for a short time, however, and the content is saved anyway: According to its information, WhatsApp completed the rollout of the so-called end-to-end encryption according to the AES-256 standard as early as 2016, which without additional activation with new versions the app works.
The service promises that “nobody, not even us, has access to the conversations.” In other words: WhatsApp messages, group chats and phone calls are stored on WhatsApp but cannot be seen there.
Check whether a chat is Encrypted
In rare cases, chats may not be encrypted. For example, if one of the participants uses a very old WhatsApp version, for instance, because they are using a very old Android cell phone or have not updated their apps for years. To check whether a chat is encrypted, you can do the following:
- Step 1: Open the chat on WhatsApp.
- 2nd step: At the top, tap the name of the chat or contact.
- 3rd step: You will see some group or chat information, including “Encryption “. If you tap this point, you can see whether the chat is encrypted.
WhatsApp remains a data collector
Unfortunately, the focus on end-to-end encryption is also a bombshell: WhatsApp cannot track the content of chats and conversations, and WhatsApp does not seem to have an “NSA backdoor” either.
However, that does not mean that WhatsApp does not collect any data: Everything that is not covered by end-to-end encryption is certainly transmitted to the operator’s server, including location and participant information such as the phone number or profile data such as the profile picture or the information provided there.
Also, there is the information from the address book, which is essential for the meaningful operation of WhatsApp and causes problems with the GDPR.
Adjust the Privacy Settings of WhatsApp
WhatsApp also hurls data towards other users. It doesn’t have to be: The settings can be easily adjusted:
- Step 1: Open the WhatsApp settings.
- 2nd step: Select “Account” and tap on “Privacy “.
- 3rd step: Deactivate “Live location” and set all other items such as “Last seen” or “Info” to “My contacts” or even to “Nobody “.
- 4th step: If necessary, deactivate the read receipts.
Chat backups in the cloud are a privacy leak
What is annoying, however, is that WhatsApp does not encrypt its cloud backup. That means: If you use the practical backup function of the app, you save the chat data in plain text on Google (Android) or Apple (iOS) – and thus hand them over.
However, this only plays a subordinate role: The NSA scandal showed that the big tech companies in the past worked together with the American domestic intelligence service, even when allegedly only “non-US citizens” were monitored. The Prism program is still active, which is why the US investigative authorities still have access to data from Apple, Google and Co. This would also affect users if the backups were directly on WhatsApp,
Backup only as secure as cloud storage
But that is not the only problem: WhatsApp would only be safe from governments – just like other messengers, social media and cloud services – if they encrypted all content automatically and without back doors.
Of course, this also applies to the backups. WhatsApp is outsourcing the problem to Google and Apple, and even if these services attach great importance to encryption and security of the cloud, the NSA scandal leaves a taste.
Therefore, it makes sense to deactivate the WhatsApp backups completely – and only make manual backups when necessary, for example, when the mobile phone is to be moved:
- Step 1: Open the WhatsApp settings and select “Chats.”
- 2nd step: Tap Chat Backup.
- 3rd step: Set the point “Automatic backups” to “Off.”
- 4th step: If necessary, when moving your mobile phone, tap on “Create backup now “to create a backup manually. This is then saved again by the cloud service provider.
Backing up a backup on Android devices manually
As an alternative to a backup in Google Drive, you have the option of manually backing up a local backup on Android devices.
- To do this, open WhatsApp, go to settings, then “Chats” and “Chat backup “.
- Tap “Back up to Google Drive” and select “Never “.
- Then tap on “Save “. A backup of your chats will now be created and saved locally on your Android phone.
- Connect your phone to a computer and open it in Windows Explorer. Open the directory “Phone”> “WhatsApp”> “Databases” and copy the file “msgstore.db” to your computer.
Note that the backup is not encrypted and can theoretically be opened by third parties. So save the file in a place where you are safe from virus attacks, for example.
Create a data extract
To get an overview of which data is stored on WhatsApp, you can also request a data extract. WhatsApp takes up to three days to create it, after which you will receive a report of the account information. To do this, open the WhatsApp settings and select “Account “. Then tap on “Request account info” and select “Request report”. This is then generated and sent via WhatsApp.
Also Read: WhatsApp Data: What Can Facebook Access?