WhatsApp is the most popular instant messaging application on the market. WhatsApp continues to grow in users and features under the umbrella of Facebook after paying for it a whopping 19,000 million dollars.
As with any mass impact service, malware creators and distributors have long put WhatsApp in the spotlight and there are many malicious campaigns that hundreds of millions of users try to take advantage of.
In addition, the interests of Facebook are a permanent concern for the privacy of the user and the transfer of data between both companies is a clear objective from the announcement of purchase. The European Commission imposed a fine of 110 million euros on Facebook for lying to him in the context of the investigation of the acquisition by providing “incorrect, inaccurate or misleading information”.
This being the case, the user should act to improve the security and privacy of WhatsApp. We propose some useful tips to manage the service.
Verify encryption for sensitive conversations
WhatsApp enables end-to-end encryption by default, but it is good practice to verify it in situations where confidential information is shared, such as financial data. To do so, in a chat window, tap on the contact’s name and then on the encryption. You will see a 40-digit pattern as a security code that the contact can verify by scanning the security code. The ideal is to do it through a different messaging app.
Activate security notifications
When a new phone or computer accesses an existing chat, a new security code is generated for both. WhatsApp can send a notification when the security code changes. In this way, you can verify the encryption with your contact by improving security. To activate security notifications, go to WhatsApp> Settings> Account> Security> Show security notifications.
Enables two-step verification
Two-factor authentication, double authentication or two-step verification (2FA) is a service enabled by multiple Internet services and is a way to prevent a third party from accessing your WhatsApp account without your consent. To activate it, go to Menu> Settings> Account> Verification in two steps. Activate it and follow the process for creating a six-digit PIN code that you can easily remember. It is important that you add a valid email address to retrieve that code in case of forgetting.
Disables cloud backup
The backups through the cloud storage systems are very comfortable and allows to recover files and messages in case of reinstallations. But, be careful if you’re worried about privacy, because the backup stored by Drive or iCloud is not encrypted. In addition, it is available to third parties anxious to have more data and access to government agencies. If you are concerned about the issue, make local copies and disable this option in Android from the Menu> Settings> Settings> Chats> Chat backup> Save to Google Drive> Never. And the same on an iPhone disabling automatic backup.
Protect your privacy
WhatsApp is not the most private messaging client, but in the latest versions it provides some more control. Access the Menu> Settings> Account> Privacy to manage who can see your status, profile picture or account information. In this section you can also disable the location in real time.
Download WhatsApp from official sites
The WhatsApp Web version is easily manipulated as demonstrated by the Electronic Frontier Foundation and was for a time a major threat. The recommended solution was and is to use the desktop app. To use it, it is necessary to synchronize it with the mobile app and require the download from the official website, no matter how much other “special” versions offer greater features or benefits. All are false.
They say it is the “least common” of the senses, but its practice in terms of security is essential. And when it comes to this type of apps where we are in dozens of groups and we have hundreds of contacts even more. The above measures are useless if, for example, we click on any link sent to us. Most malicious malware campaigns are initiated by sending messages and links through groups or even a known contact that recommends it, because they have not known what the movie is about or because it is an already infected contact.
There are these frauds to give and take. Many are phishing attacks, scams that subscribe to SMS Premium services or install third party applications with the objective of achieving an economic benefit. Or even worse, those who ask you for accounts and passwords or financial data under gross deception in which we are still falling. It would not be bad to start by cleaning groups and contacts to limit the routes of attack and special caution with links, images and videos.