NEW DELHI: If you use WhatsApp on an Android phone, you should be careful about what you talk about or share on the instant messaging app. Using a few scripts and a rogue app, anyone can peer into your chat logs and see what you talk about with your friends.

A Dutch security consultant has found that WhatsApp chat logs saved on the SD card of an Android phone can be read by other apps because of the way Android allows sharing of data between apps.

“The WhatsApp database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card. And since majority of the people allows everything on their Android device, this is not much of a problem,” Bas Bosschert wrote on his blog.

“What do we need to steal someone’s WhatsApp database? First we need a place to store the database,” Bosschert explained. “Next thing we need is an Android application which uploads the WhatsApp database to the website.”

When an Android application is installed, whether from the Play store or through an APK file, which is an installer file for Android phones and can be downloaded from various sources, the app requests for permissions to use network and SD card etc.

To explain his hack, Bosschert set up a web server and then created an Android application that required several special permissions on a user’s phone. But because Android OS allows applications to access various parts of the phone – this is why users can conveniently share almost everything through any app on Android phone – Bosschert’s app had no difficulty gaining access to WhatsApp data.

Bosschert wrote that the code that allows his application to access WhatsApp data and then upload it to his web server can be added to a popular Android app by a rogue developer to fool users and steal WhatsApp chat logs. … see more

source: times of india