Facebookâ€™s WhatsApp mobile messaging app has received the poorest rating regarding user privacy protection, according to the â€œWho Has Your Backâ€Â report, issued by Electric Frontier Foundation.
WhatsApp has earned only one star from a possible five. The company had a year to prepare for its inclusion in the report, but it has adopted none of the best practices recommended.
â€œWhatsApp should publicly require a warrant before turning over user content, publish a law enforcement guide and transparency report, have a stronger policy of informing users of government requests, and disclose its data retention policies,â€ the study authors wrote. â€œWhatsApp does get credit for Facebookâ€™s public position opposing back doors, and we commend Facebook for that.â€
Â Here are the main issues regarding WhatsAppâ€™s user privacy intrusion:
WhatsApp does not demand a warrant before giving content to law enforcement. Nor does it publish a transparency report or a law enforcement guide or promise advance notice to users about government data demands. Neither does WhatsApp publish its data retention policies, including retention of IP addresses and deleted content.
Since WhatsApp has no strong direct position on user privacy, its parent company, Facebook, opposes the compelled inclusion of deliberate security weaknesses.
On behalf of itself as well as WhatsApp, Facebook signed a coalition letter organized by the Open Technology Institute, which stated: â€œWe urge you to reject any proposal that U.S. companies deliberately weaken the security of our products. Whether you call them `front doorsâ€™ or `back doors,â€™ introducing intentional vulnerabilities into secure products for the governmentâ€™s use will make those products less secure against other attackers. Every computer security expert that has spoken publicly on this issue agrees on this point, including the governmentâ€™s own experts.â€
WhatsApp has more than 800 million monthly active usersÂ worldwide as of April 2015.
â€œWho Has Your Backâ€Â is an annual report charting tech companiesâ€™ commitment to user privacy, using five criteria to assess their policies and practices: industry-accepted best practices, telling users about government data requests, public disclosure of data retention policies, disclosure of the number of times governments seek removal of user content or accounts and how often the company complies, and pro-user public policies like opposing backdoors.
â€œUsers should look to companies to be transparent about the types of content that is blocked or censored in response to government requests, as well as what deleted data is kept around in case government agents seek it in the future,â€ the report added.
Nine companies earned five stars in every category available: Adobe, Apple, CREDO, Dropbox, Sonic, Wickr, Wikimedia, WordPress.com and Yahoo.