What happens according to analyst Bass Bosschert is due to the permissions that are granted to the different applications when they are installed in the Android operating system and, according to this specialist, it would be possible to obtain the list of messages from WhatsApp that is stored in the terminal.
The point is that if you are not careful with the permissions that are granted, private conversations can be unprotected from third parties. According to Bosschert, a person who has been an IT analyst for ten years, a developer can create an application that has access to the contents of the SD card and, maliciously, have access to the messages that WhatsApp stores in it to, later, send them to their own web address.
Even to demonstrate that it is possible to do this, in this link the analyst indicates how it is possible create an app that he gets to do what we have indicated before. That is, the user's message database is accessed without the user's knowledge, since they have permissions to work with the place where it is stored. What's more, reportedly “users would not realize that their database has been copied or accessed".
The truth is that security has always been a very thorny issue regarding WhatsApp, but these issues seem to have received a boost since Facebook's purchase of the development. An example of this is that a student at the University of Utrecht, Thijs Alkemade, indicates that the incoming and outgoing messages in this messaging application use the same password, which could be a reason for an attack and if it is intercepted, the text it contains could be obtained. This was also reason for explanation as can be seen in this link.
The fact is that these problems can be a reality and the solution, at least as far as the database is concerned, would be to avoid granting permissions indiscriminately (especially to SD cards). Since these cards have serious security holes and it is one of the reasons Google gives for not making it an option on its Nexus devices, at least to date.
In addition to permissions on AndroidToday, it's worth considering other aspects that directly impact the protection of your chats: restoring backups to Google Drive, privacy features on linked devices, and vulnerabilities detected in desktop clients.
Restoring Backups on Android: The Role of Google's Two-Step Verification
Several users have reported a critical failure when restoring backups from Google Drive even though the copy is valid. The less obvious cause is usually the Google two-step verification (2SV/2FA) enabled on the account hosting the backup: When enabled, the initial negotiation may fail and WhatsApp may display vague messages such as “your chats cannot be restored.” For specific cloud restore scenarios, see how to restore from the cloud. restore backups from Google Drive.
- Try disabling temporally Two-step verification of your Google account, clean cache and data from WhatsApp, uninstall and reinstall from Play Store.
- Before opening it for the first time, go to System Settings → Applications → WhatsApp and enable all permissions (contacts, storage, etc.). This prevents access blocks during the wizard.
- During the installation, skip “restore from another device” and let it detect the Drive backup. If it restores, go back to your Google account and reactivate two-step verification.
Some have tried to recover the copy with third-party software such as droidkit, which also requires disabling 2FA. Our recommendation is minimize the checkout window, immediately reactivate 2FA and avoid relying on external tools for sensitive data.
Other reasons why copying fails and how to fix them
Beyond 2FA, there are common causes: not having the 2FA function activated automatic copies (Settings → Chats → Backup → Frequency, ideally daily); attempt to restore or upload using mobile data without allowing it (enable Save using mobile data if you need it, taking into account consumption); or have poor coverage, which makes it seem like the process is not moving forward.
El space It's also key: in Google Drive, copies already count toward your quota, and in iCloud, you need extra headroom (it's usually recommended to be several times the size of your copy). Consider free up storage on your account or exclude youtube from the copy, free up storage in your account or expand with plans like Google One if you fall short.
If the phone is at the storage limit, the apps fail: delete Cache, delete unnecessary files and free up space before trying again. Also check that you have WhatsApp updated and the operating system does not accumulate pending updates, since older versions cause compatibility errors.
When all else fails, delete data or reinstall the app. Important: If there is no previous backup in the cloud and your only history is on the device, do not delete data or you will lose it. In that case, try again first export chats or create a local/cloud copy before acting.
Complex Transfers: Using an Older APK Version (Advanced Method)
During phone-to-phone migrations (e.g., with Samsung Smart Switch) some users have managed to restore only by installing a earlier version from WhatsApp on top of the transferred data. Reported guidelines:
- Once the transfer is complete, don't open WhatsAppUninstall it by choosing “keep data” if your device allows it.
- Install a Previous APK from trusted repositories (APKMirror/APKPure). After logging in, the app detects the data and restores it. You can then update from the Play Store.
- If you get an error while installing, try another build or clean up leftovers, but avoid deleting data if you don't have a copy in Drive/iCloud.
This method is useful if the current version has a bug with the restoration. However, it does involve risks- Installing APKs outside of the Play Store requires verifying the source and integrity of the file.
Desktop Risks: Vulnerabilities in WhatsApp for Windows
A has been documented vulnerability in WhatsApp for Windows that allowed an attacker to send malicious files with manipulated extensions to make the application treat them incorrectly and execute bar code. Although this vector affects the desktop client, its impact reaches Android users who vinculan the mobile with the PC.
Recommendations: Keep WhatsApp for Windows updated manually If you don't get the latest version and avoid opening suspicious attachments even if they come from known contacts. Companies continue to investigate whether there was active exploitation; the main mitigation is update and prudence with the files.
Blocking chats and linked devices: a hidden loophole
The function of blocked chats Protect conversations on your mobile phone with a fingerprint, face or password, but on devices linked (PC, tablet) these chats may not be hidden or require credentials. Expert sources indicate that the company is already testing extending protection to linked devices.
How to block today: Open a chat, tap the contact name → Block (below Temporary Messages) and choose the protection methodUntil the extension reaches linked computers, avoid leaving sessions open on shared or password-less computers, and log out on devices you don't control.
Final tip: WhatsApp security doesn't depend on a single setting. Check the permits that you grant, control your Backup (frequency, space, connectivity and 2FA), updates clients in all devices and use features like encryption security notifications to detect key changes. With these practices, you can dramatically reduce the exposure of your chats and keep your privacy safe on Android, desktop, and connected devices.
Source: Business Insider.
