The New WhatsApp Policy 2021

WhatsApp has been sending us updates quite often! And they never bothered us, instead it made us feel safe while using the application as it fixed the issues arising with it timely!  But the latest updates in privacy policy which is going to be in force from 8th February 2021 has concerned everyone around the world to the level that even some people have decided to quit using the application. We tried to find out what really is concerning about the new privacy policy!        

As most of us might be frequent users of WhatsApp, it is important for us to know what kind of information is being shared and how? 

WhatsApp has defined the shared information into 2 categories in their policy: 

1) The information you provide them 

2) The information that is collected automatically 

Information You Provide 

There are several pieces of information that you need to provide to WhatsApp in order to use the gain the basic functionalities of the application and use it efficiently. 

Account information: Some basic information is collected and is mandatory for the creation of account like phone number and the name you choose to keep. Further, you can add some additional information and a profile picture, but that’s completely optional!  

Messages: WhatsApp says it does not retain any of your messages in the services provided to you. So, the messages you will sending are stored on your device and not on their servers. 

During the process of delivery of the messages, WhatsApp and other third parties cannot read the messages as WhatsApp uses end-to-end encryption. 

For the messages that could not be delivered ie: if the receiver is not online, the messages stay in their server in encrypted form for up to 30 days in order to attempt the delivery of messages and if still not delivered the message get deleted by WhatsApp. 

Media forwarding messages are stored temporarily in encrypted format in their servers when a user attempts to send them. 

Well! this seems quite secure! 

Transactions and payment data 

If you use their payment services or services for any kind of financial transactions, WhatsApp says, “we process additional information about you, including payment account and transaction information. Payment account and transaction information includes information needed to complete the transaction (for example, information about your payment method, shipping details and transaction amount.” 

And a few other information like your connections on WhatsApp, status information (only if you wish to share it!), and Customer Support and Other Communications like email address for services.  

Automatically Collected Information 

WhatsApp also collect some information automatically like Usage and Log Information, Device and Connection Information, Location Information, Cookies. 

WhatsApp has mentioned “Third- Party Information” in its new policy. Now this is something “Alarming!”  

Having a deep dive into the third-party section of the privacy policy we found some important points to be noted! Ahan! 

Information Others Provide About You (Phone numbers and uploading address book), User Report (for violating and terms or policies), Businesses on WhatsApp, WhatsApp says “Businesses you interact with using our Services may provide us with information about their interactions with you. We require each of these businesses to act in accordance with applicable law when providing any information to us.” So, the business you are interacting with may be working with third party service providers like Facebook to help them manage their communications with their customers and sharing your information in this scenario totally depends on the respective business privacy policy. 

Third-Party Service Providers: WhatsApp says “We work with third-party service providers and other Facebook Companies to help us operate, provide, improve, understand, customize, support, and market our Services.” 

Third-Party Services: WhatsApp says “We allow you to use our Services in connection with third-party services and Facebook Company Products. If you use our Services with such third-party services or Facebook Company Products, we may receive information about you from them.” 

Further, WhatsApp has also mentioned in their new policy about how they work with other Facebook companies 

Being a part of the Facebook companies, WhatsApp exchanges information with them in several aspects one of which is marketing and their offerings, including the Facebook products. 

Further WhatsApp explained in one of its key points stating that “improving their services and your experiences using them, such as making suggestions for you (for example, of friends or group connections, or of interesting content), personalizing features and content, helping you complete purchases and transactions, and showing relevant offers and ads across the Facebook Company Products.”  

Well not just limited to sharing information but an integration of your WhatsApp experiences with Facebook company products. So, a person will be conducting its payments for WhatsApp from its Facebook Pay account. Hmm…Sounds great! 

Looking at the policy updates and the addition of third-party interference into the one of the most used applications in world which is sharing sensitive information, leaves us with several concerns in regards to an individual’s privacy! 

Although the messages we share are encrypted and none can view them, there are several other pieces of information that can disclose a lot about a person. The Account information reveals a person’s name and phone number. Meanwhile the transactions and payment data can be easily used to identify what kind of purchases a person does and how often! The frequencies of the transactions can be used to predict and asses a person’s expenditure and later on can be used to display ads accordingly! Further the automatically collected information reveals a person’s device information, usage and exact location. So, combining all the information being shared, a person’s complete identity and behaviour is being revealed! Which might be okay for people if it was limited to sharing it with WhatsApp as it is only a chat application but providing this information to third-party providers can be worrying! 

We tried to highlight some questions regarding possible outcomes of giving away information in the hands of third-party providers! 

1) Facebook have 88 acquisitions including WhatsApp: Having a wide spread hold in the shares of companies how will Facebook use the WhatsApp customer data to benefit its other investments?   

2) Will the privacy policy remain same for the third-party providers as well? 

3) How will the privacy of the users will be affected if the information collected by Facebook is further processed by other third-party companies?  

Well, until now consequences of information sharing with third-party can only be predicted but the actual impact of this action will be seen only after the policy is implemented. 

Author: Mohammad Usman Rais (Cyber Security intern)

Leave a Comment

Your email address will not be published. Required fields are marked *