WhatsApp Among Worst Apps for User Privacy Protection, Study Says

Facebook`s WhatsApp mobile messaging app has received the poorest rating regarding user privacy protection, according to the “Who Has Your Back” report, issued by Electric Frontier Foundation.

WhatsApp has earned only one star from a possible five. The company had a year to prepare for its inclusion in the report, but it has adopted none of the best practices recommended.

“WhatsApp should publicly require a warrant before turning over user content, publish a law enforcement guide and transparency report, have a stronger policy of informing users of government requests, and disclose its data retention policies,” the study authors wrote. “WhatsApp does get credit for Facebook`s public position opposing back doors, and we commend Facebook for that.”

Here are the main issues regarding WhatsApp`s user privacy intrusion:

WhatsApp does not demand a warrant before giving content to law enforcement. Nor does it publish a transparency report or a law enforcement guide or promise advance notice to users about government data demands. Neither does WhatsApp publish its data retention policies, including retention of IP addresses and deleted content.

Since WhatsApp has no strong direct position on user privacy, its parent company, Facebook, opposes the compelled inclusion of deliberate security weaknesses.

On behalf of itself as well as WhatsApp, Facebook signed a coalition letter organized by the Open Technology Institute, which stated: “We urge you to reject any proposal that U.S. companies deliberately weaken the security of our products. Whether you call them `front doors` or `back doors,` introducing intentional vulnerabilities into secure products for the government`s use will make those products less secure against other attackers. Every computer security expert that has spoken publicly on this issue agrees on this point, including the government`s own experts.”

WhatsApp has more than 800 million monthly active users worldwide as of April 2015.

“Who Has Your Back” is an annual report charting tech companies` commitment to user privacy, using five criteria to assess their policies and practices: industry-accepted best practices, telling users about government data requests, public disclosure of data retention policies, disclosure of the number of times governments seek removal of user content or accounts and how often the company complies, and pro-user public policies like opposing backdoors.

“Users should look to companies to be transparent about the types of content that is blocked or censored in response to government requests, as well as what deleted data is kept around in case government agents seek it in the future,” the report added.

Nine companies earned five stars in every category available: Adobe, Apple, CREDO, Dropbox, Sonic, Wickr, Wikimedia, WordPress.com and Yahoo.