16, Jul, 2019
WHATSAPP and TELEGRAM MEDIA FILES SAVED IN PHONES ARE VULNERABLE TO ATTACKS - REPORT
The company spokesperson also said, "WhatsApp follows guidelines from Android including: 'You should use external storage for user data that should be accessible to other apps and saved even if the user uninstalls your app, such as captured photos or downloaded files.' We store files in the same manner as other messaging apps (like Viber), email (like Gmail), and file storage apps (like Dropbox)."
If you think the end-to-end encryption on WhatsApp and Telegram means no one can tap into anything you talk about in these platforms, think again! Symantec researchers have found out that media files that you save via these apps are not safe and are vulnerable to cyber attacks.
As per The Verge, the media files saved via these two apps are either saved in internal storage or external storage of the device. If the malware enters your Android smartphone and these files are saved in external storage, malware can easily get access to these files and exploit the data. Malware can even reach these files, even before you have seen them.
In other words, these hackers can even alter outgoing multimedia messages without the user's notice. The researchers are calling it the "Media File Jacking" attack.
A WhatsApp spokesperson told us that they have looked closely into this issue and they will be providing updates in line with Android's ongoing development. He also hinted that this security threat is similar to previous questions regarding the mobile storage affecting the app ecosystem.
“WhatsApp has looked closely at this issue and it’s similar to previous questions about mobile device storage impacting the app ecosystem. WhatsApp follows current best practices provided by operating systems for media storage and looks forward to providing updates in line with Android’s ongoing development,” the spokesperson said.
We have also reached out to WhatsApp and Telegram and will update this space as we hear from them.
And it is not just these two apps, according to the recent news researchers at the International Computer Science Institute (ICSI) found that thousands of app on the Android app store manage to skirt restrictions and gather precise geolocation data and phone identifiers, without user consent.
The study looked at over 88,000 apps on Google Play and tracked how data was transferred from the app when a user denied permissions. Of these, they found 1,325 apps that violated the permission policy and relied on workarounds to retrieve user data without their knowledge.