With about 2 billion monthly active users, WhatsApp is the single most active and popular mobile messenger app. That kind of popularity tends to make software vulnerable, which means there’s good reason to wonder if WhatsApp is safe and secure or if it’s risky to use the service.
The short answer: No messaging system is without vulnerabilities. But even so, WhatsApp is generally considered a secure messaging platform thanks its built-in end-to-end encryption.
“Any social media platform has security risks, and every platform has hackers attempting to break through its security measures,” says Kristen Bolig, CEO at SecurityNerd.
But unlike many similar messaging platforms, WhatsApp is built with strong end-to-end encryption.
“Any messages sent between any users are fully encrypted, so the only people able to decode them are the sender and recipient — not even WhatsApp. So even if hackers intercept a message, they aren’t able to decode it,” Bolig says.
In principle, no one can decrypt the data at any point in the communication process, which is much more robust security than you’ll find in apps like Snapchat, Instagram, and Twitter.
There is a notable caveat, though. Critically, your data, including chat and voice calls, are only secure and encrypted within the WhatsApp chat ecosystem. Both Android and iPhone devices can back up app data — that’s handy in case you need to restore data to a new device.
But by default, this backup is not encrypted. If your backup on iCloud or is hacked, your WhatsApp data is vulnerable. There is a solution, though: It’s possible to encrypt your backups, though this option is disabled by default. To keep your WhatsApp data fully secure, you should enable encryption for your WhatsApp backups.
1. Start the WhatsApp app.
2. If you have an iPhone, tap Settings at the bottom right. On Android, tap the three-dot menu at the top right and choose Settings in the dropdown menu.
3. Tap Chats.
4. Tap Chat Backup.
5. Tap End-to-end Encrypted Backup and then tap Turn On.
In addition, as with any online platform, WhatsApp has a vulnerability in potential incursion from spam messages. For more information and a few security suggestions, see our guide on ways to spot WhatsApp spam and stop it from reaching you.
You might have heard about another risk to your WhatsApp data — this one related to WhatsApp group chats. In 2020, it was discovered that Google indexed links to WhatsApp group chats, which meant that it wasn’t necessary to have the private code to join a chat; it was instead possible to find and join group chats on WhatsApp simply by performing a targeted Google search.
This sounds alarming but it is not as serious as it might at first seem. When someone joins a WhatsApp group chat, for example, everyone in the group is notified, so it’s not possible for a stranger to lurk. “An admin can always change or revoke the group invite link if they see it has been compromised,” says Leslie Radka, founder of GreatPeopleSearch.
But more importantly, this leak was plugged quickly. Within days of this vulnerability’s disclosure in March 2020, “WhatsApp began to include the noindex tag on these pages, which excludes them from indexing,” Radka says. The result: The vulnerability was patched and group chats are no longer discoverable on search engines. There are currently no known security issues that affect WhatsApp users along these lines.