The new “Click to Chat” function of WhatsApp exposes users to a serious risk by showing their phone numbers on Google
Rather than worrying about being tracked by Immuni, an application that exists for our own good and that, unlike what many people think, does not use GPS to track our movements, the company we need to worry about most is Facebook, with its related apps such as Instagram and WhatsApp.
The latest privacy issue concerns the latter, which on the one hand strengthens its end-to-end encryption for individual conversations and on the other slips up on the “Click to Chat” function.
Click to Chat allows website owners to insert a button that immediately opens a conversation window with support. It is widely used worldwide, especially on e-commerce sites, to respond to any customer concerns before a purchase.
Researcher Athul Jayaram has found that this feature exposes users' phone numbers in the clear, directly in Google search results. This is because the WhatsApp button does nothing more than use metadata with a redirect to https://wa.me/<phone number>, and there is no way to hide that metadata from search results, so these links containing unencrypted phone numbers appear on Google. From the phone number it is in turn possible to view a person’s name and photo. In short, it is not great for privacy.
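For a site owner who wants to know which numbers their own pages publish this way, the following added example (not from the original article or from WhatsApp) scans a page's HTML for `wa.me/<phone number>` links in any tag attribute. The names `audit_page` and `mask`, the sample HTML and the phone numbers are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# wa.me/<phone number> as described in the article; optional "+" before the digits.
WA_ME = re.compile(r"(?:https?:)?//wa\.me/\+?(\d{6,15})(?!\d)", re.IGNORECASE)


class ClickToChatAuditor(HTMLParser):
    """Collects every wa.me phone-number link found in any tag attribute."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line, _col = self.getpos()  # position of the tag being processed
        for name, value in attrs:
            if not value:
                continue
            for match in WA_ME.finditer(value):
                self.findings.append(
                    {"line": line, "tag": tag, "attr": name, "number": match.group(1)}
                )


def mask(number):
    """Hide the middle digits so the audit report does not republish the number."""
    return number[:3] + "*" * (len(number) - 5) + number[-2:]


def audit_page(html):
    """Return one finding per exposed number occurrence, in document order."""
    auditor = ClickToChatAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page; the numbers are made up.
SAMPLE_HTML = """<html><head>
<meta property="og:url" content="https://wa.me/15550100123">
</head><body>
<a href="https://wa.me/+15550100123?text=Hello">Chat with support</a>
<a href="https://example.com/contact">Contact form</a>
<a href="//wa.me/15550100999">Sales</a>
</body></html>"""

if __name__ == "__main__":
    for f in audit_page(SAMPLE_HTML):
        print(f"line {f['line']}: <{f['tag']} {f['attr']}> exposes {mask(f['number'])}")
```

Each finding is a number that a crawler reading the same HTML would also see, so the report doubles as a list of pages to review.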
After the researcher reported everything to Facebook through the Bug Bounty program, the company replied that this is not a security problem:
those who decide to use this function decide to expose their data online. Although this may cause unwanted messages to arrive, each user can block them by pressing a single button.
That’s all. Meanwhile Athul has found over 300,000 phone numbers made public through this mechanism.
The solution would be really simple, and we offer it here: it would be enough to introduce nicknames on WhatsApp and expose those on the web instead of the phone number.