With all the apps available, there are plenty of options for digital messaging aside from your phone's built-in texting function. WhatsApp stands out as one of the more popular programs for people who want to communicate with a big group, make voice calls, and otherwise stay in touch with their friends and loved ones. But just like with any other online service, the risk of scams and data breaches on WhatsApp is always a possibility. That's why it's fair to take a second before downloading and ask whether WhatsApp is safe to use. We've reached out to cybersecurity experts to get their take on the messaging app and how to manage the security risks it could pose.
RELATED: How to Set Up a VPN to Stay Safe Online.
What Is WhatsApp?
Shutterstock
If you are a smartphone user, you likely know that you can directly message people through a few different avenues: In addition to regular texts, you can directly message other users of social media platforms through those platform (such as through an Instagram direct message) or you can send messages through a standalone messaging app. WhatsApp falls squarely into the latter category.
"WhatsApp is a widely used messaging application that allows users to send text messages, make voice phone calls and video calls, and share images, documents, and other media with other WhatsApp users," says Seth Geftic, vice president of product marketing at cybersecurity company Huntress. "It operates over the internet, making it accessible from both mobile devices and desktop computers."
The program—which is now owned by Meta, formerly known as Facebook—has also become popular because it's relatively easy to start using. "It uses your phone number as a unique identifier to set up your WhatsApp account and use its messaging infrastructure, allowing you to connect with users from your contacts who also use its platform," says Yashin Manraj, CEO of software security company Pvotal. This means that you can easily find friends, family, and associates once you've downloaded the WhatsApp app.
Is It Free?
Shutterstock
Similar to other popular messaging apps, WhatsApp doesn't take much to set up and start using—and it doesn't require any kind of payment or subscription.
"WhatsApp is free to download and use," says Geftic. "It does not charge users for messaging or calls, but it does require an internet connection, either via Wifi or mobile data, which you’d have to pay for depending on your data plan."
How Does WhatsApp Work?
At first glance, WhatsApp provides many of the same features your phone already has built-in.
"WhatsApp uses your phone's internet connection to let you message and call friends and family," explains Geftic. "Of course, if you grant it access, it integrates with your phone's contact list, allowing you to easily connect with people who also have the app. This makes it so that users can create group chats, send messages to multiple contacts at once, and share things like photos or videos."
However, according to John Price, CEO of SubRosa, a cybersecurity consultancy, WhatsApp is different because it claims to secure communications with end-to-end encryption.
"This means messages are encrypted on the sender’s device and only decrypted on the recipient's device, making it impossible for anyone— including WhatsApp or third parties—to read them in transit," he explains.
RELATED: 10 Tech Tips for Seniors: How to Master Your Devices.
Is WhatsApp Safe?
Shutterstock
Security features such as end-to-end encryption are a compelling argument for using WhatsApp over other messaging apps to chat. But despite this added benefit, is WhatsApp secure overall? Experts have mixed opinions on the matter.
"WhatsApp incorporates several security features, making it relatively safe compared to many other messaging platforms," says Geftic. "But while end-to-end encryption offers robust security where theoretically only the sender and recipient can access the information, it is not infallible and you should still remain vigilant, update the software regularly, and be mindful of phishing attacks."
Before you begin sending WhatsApp messages, there are a few things you should know.
Is WhatsApp Safe for Sharing Private Photos?
Sharing snaps with friends and family is an everyday occurrence for most people. But if you planning on sending private photos on the messaging app, you'll want to keep a few things in mind.
"Sharing photos via WhatsApp is generally safe as the encryption protects the images during transmission, ensuring they are not accessible to unauthorized parties," says Geftic. "However, once private photos are received and opened, they are susceptible to risks if the recipient's device is compromised or if they are shared further without protective measures, potentially exposing sensitive content to unintended viewers."
There's also a potential issue with stored WhatsApp data. "If cloud backups are enabled, these are not protected by WhatsApp’s end-to-end encryption and could potentially be accessed by unauthorized parties," warns Price.
Are My Conversations Secure on WhatsApp?
guteksk7/Shutterstock
Unfortunately, though WhatsApp encrypts its messages, many of the same risks with images apply to the conversations you're having.
"End-to-end encrypted messages are secure during transmission, shielded from eavesdroppers and interceptors. However, once a conversation reaches the recipient and is displayed on their device, it becomes vulnerable to threats if the device is compromised, or if details are inadvertently shared or exposed through screenshots or overheard discussions," says Geftic.
Essentially, this means your WhatsApp message could end up in someone else's hands if your or someone else's device falls prey to a hacker or other bad actor. This means that even if you use WhatsApp safely, your messages could still be exposed due to someone else's mistake.
"While there is no evidence that the end-to-end encryption of WhatsApp has been breached, there have been a lot of individual instances where media or messages shared are leaked, hacked, or otherwise obtained from WhatsApp conversations," says Manraj.
WhatsApp Security Risks
The digital age has proven that no app or program is invincible or impenetrable. It's important to keep this in mind, even though some of its features make WhatsApp secure in ways other messaging apps are not.
"Despite its strong encryption, WhatsApp is not without security risks," says Alexander Linton, director of the messaging app Session.
Here's what you should know about the cybersecurity risks of using the messaging app:
Metadata
Personal data breaches have become shockingly common. Unfortunately, experts say the messaging platform could be another potential outlet for exposure.
"People are concerned about WhatsApp collecting and sharing user metadata," says Linton. "Although metadata might not seem like a big deal, it can significantly compromise your privacy."
Manraj points out that the app can collect a lot of information on your usage within WhatsApp and more depending on your phone's permissions. "This includes your online activity and patterns, where you are communicating from, who you are communicating with, the frequency of communications, and the type of communication (e.g. text, voice, video, and media)," he says.
With the extensive metadata gathered, WhatsApp can make certain assumptions about your identity, location, relationships, and daily activity. "This data is valuable to targeted advertisers, intelligence networks, and other agencies that seek to extend the level or depth of knowledge about individuals or groups of individuals," Manraj says.
Malware
We've been taught to be on the lookout for viruses to keep our devices safe. Unfortunately, encryption doesn't make WhatsApp safe from the threat of these weapons being used on the service.
"No system is perfectly secure, and with something as popular as WhatsApp, endpoint security is generally going to be the largest risk," says Linton. "That means the most likely vulnerability will actually come from your own device, such as if a would-be hacker installs malware on your laptop."
According to Geftic, malware can be downloaded to your device when you click on malicious links or download untrusted files.
"Attackers can also use other social engineering tactics, which are manipulative strategies used by cybercriminals to trick individuals into divulging sensitive information or granting access to restricted systems," he adds.
Phishing
The seemingly unending wave of spam texts and emails is proof that phishing scams are everywhere. And as a messaging app, WhatsApp is the perfect hunting ground for some criminals.
"Phishing attacks are scammers sending messages that appear to be from WhatsApp or other trusted sources to trick users into revealing personal information," says Geftic. "Don’t underestimate how well thought out these attacks can be, tricking even users that are very familiar with digital devices."
RELATED: What Is Mobile Passport Control, and Is It Right for You?
SIM Swap Attacks
Having your WhatsApp account tied to your phone number makes it convenient to set up and to contact the people you know. However, it also makes the service vulnerable to one particular type of security breach.
"Because WhatsApp uses phone numbers for sign-up and authentication, it inherits vulnerability to things like SIM swap attacks," says. Linton. This describes what happens when a hacker is able to gain access to a person's phone number and therefore their WhatsApp account.
Common WhatsApp Scams
In the era of robocalls and sketchy text messages, scam attempts have become a part of everyday life. Unfortunately, messaging apps are not immune to these attacks.
"WhatsApp is a prime target for scammers due to its popularity," says Linton. "This problem is absolutely exploding right now due to the rise of AI-assisted scammers and hackers. Attacks are becoming more common and more sophisticated at a really alarming rate."
Before you get swindled, here's what you need to know:
Social Engineering Attacks
"Common scams include social engineering attacks where a hacker will try and impersonate a family member, asking for money or to try and gain access to your account. Other social engineering attacks may attempt to impersonate your bank, a government service, or even WhatsApp itself," says Linton.
Phishing Scams
Just as you do in your email inbox and text messages, you're likely to receive messages on WhatsApp from scammers pretending to be someone else in order to steal your information.
"While WhatsApp has taken measures to add more warning signs to suspicious messages or numbers, scammers have had a much higher success rate spreading phishing links to popular events, claiming free tickets to concerts, sporting events, or even pay-per-view events such as UFC fights to collect private information from the unsuspected users," says Manraj.
Because of this, Geftic says to avoid clicking on suspicious links or downloading untrusted files and urges users to verify that their contacts are who they say they are.
Verification Code Scams
WhatsApp uses two-step verification for account setup, meaning that it sends a special code to new users via text message to confirm their identity. However, this can be exploited.
"Attackers trick users into sharing their verification code, which is then used to hijack their account," explains Geftic. He adds that you should always be wary of anyone reaching out and claiming to need this code.
Fake Support Messages
oasisamuel/Shutterstock
It's not just about account set up, either: Geftic says that scammers will also often pose as WhatsApp support staff. They'll ask for personal information or payment details to steal money or commit identity theft. And while this isn't a problem unique to WhatsApp, it's still important to be aware of it.
RELATED: Is Venmo Safe? How to Protect Yourself and Your Funds.
How to Keep Your Information Secure on WhatsApp
Even with all the threats out there, there are a few things you can do to make WhatsApp secure. Here's what the experts recommend:
Enable Two-Step Verification (and Use Other Security Features)
If you're concerned about safety, Geftic says it's best to ensure you have the right security features turned on.
"Enable two-step verification, an extra layer of security that asks for your PIN in addition to the verification code," he advises. "Also, keep WhatsApp updated to ensure you have the latest security patches to any known weakness and make sure your phone has a strong password, such as using biometric security features like fingerprint or facial recognition."
Check Your Settings
While default usage includes end-to-end encryption, you should still check your WhatsApp settings to make sure you're not setting yourself up for problems.
"Turn off automatic downloads and regularly check your linked devices to remove old or unfamiliar devices," suggests Linton. "If you want to be extra cautious, you can also turn on notifications for security code changes—which will provide an alert if someone in the chat has changed devices or login session."
"It's also a good idea to share this advice with your friends and family, to make sure everyone can try to stay secure," he adds.
Be Wary of What You Share
Worried about something getting out there? Like any other social tool, WhatsApp should never be used to share information that can eventually become public knowledge.
"Unfortunately, having any reasonable expectation of privacy on a free messaging app that monetizes the information it can extract from users would be wrong," says Manraj. "As its usage becomes more ubiquitous, we can expect state actors and private groups to ramp up efforts to break any form of encryption that WhatsApp users can access the valuable information being shared on WhatsApp."
Conclusion
So, is WhatsApp safe? Experts agree that the messaging service's end-to-end encryption does provide extra security in comparison to other apps and that WhatsApp is an easy way to stay in touch with friends and family via phone calls, video calls, and messages. But know that if you're planning to use it to send private photos or discuss personal data points, there's still the risk of your information being exposed.
Experts say scammers are active on the app, requiring users to stay vigilant. To use WhatsApp as safely as possible, enable privacy and security features and stay current on updates. And as with any service, be sure not to share personal information with anyone.