WhatsApp exploit allows stalkers to track people you chat with

Highlights
  • A new WhatsApp exploit has been discovered by the developers of Traced, a mobile cybersecurity app
  • The exploit lets stalkers install third-party applications to track the WhatsApp activity of one or multiple WhatsApp users without their consent
  • It leverages WhatsApp users’ inability to hide their ‘online’ status from non-contacts

Yet another WhatsApp vulnerability has surfaced online just days after reports revealed a hack that could let anyone deactivate your account. The new vulnerability in the popular app allows cyberstalkers to determine when their victim is online, using a fairly simple trick: WhatsApp doesn’t let users hide their ‘online/offline’ status even from non-contacts, so all one needs is a phone number and a WhatsApp Online Status Tracker app or website to track the online habits of their victim. The good folks over at Traced did a deep dive into the matter and found the results to be terrifying. There appear to be quite a few WhatsApp Online Tracker services that allow people to stalk pretty much anyone they want on the app with virtually no repercussions.

Traced tested out two such apps and found them to be quite user-friendly. The apps allow users to add multiple numbers to the list and compare when both accounts are online. This helps the stalker determine if their victim was chatting with a suspected contact. As you can see in the attached screenshot below, it can also help a stalker keep track of how long two contacts have had a conversation, all without the knowledge of either party. 

Given the extensive, borderline features these apps offer, it is a mystery how they evaded the Google Play Store’s guidelines about malware. Among other things, it could be because the software isn’t installed on the victim’s devices and uses a perfectly legitimate method of tracking users. One can only hope that Google updates its policies to address such apps sooner rather than later.

The most appalling part of all this is that a user can do literally nothing to protect themselves against stalkers. While it is possible to hide your ‘last seen’ from everyone, the same privilege isn’t extended to the ‘online’ status. The only way to go about it is to block a contact entirely, but that is of little help if the stalker uses a different phone number to stalk their victim.