Researchers have discovered that they can obtain around 2 billion profile pictures and 1 billion personal profile statuses via WhatsApp. They found this out after first collecting the phone numbers of 3.5 billion WhatsApp users. Meta had been aware of this leak for over eight years and primarily blames the users themselves for the exposure of profile pictures and profile information.

In WhatsApp, you can see whether someone has a WhatsApp account as soon as you enter their phone number. Often, you can also immediately see that person’s name, profile picture, and status. The Austrian researchers used this feature to systematically check enormous numbers of phone numbers, mapping out 3.5 billion WhatsApp users.

For more than half of these accounts (57 percent, around two billion) the profile picture was visible. For about one billion users, they could even read the personal profile statuses.

WhatsApp had already been warned in 2017 that this system could be misused in this way. So Meta could have limited how often phone numbers could be checked much earlier and thus how profile pictures and information could be accessed.

In a response to Wired, Meta primarily blames the users: the data obtained is “basic publicly available information” if users have not chosen to hide their profile picture and information themselves.

WhatsApp therefore assumes that every user adjusts their own settings, while users mistakenly assume that WhatsApp takes care of their privacy.

WhatsApp is not designed for your privacy by default

Meta’s response once again shows that privacy at WhatsApp is mainly used as a marketing term and that WhatsApp is not designed for your privacy by default.

Various features in the app, such as your profile picture, profile information, ‘last seen’ and online status, are publicly visible by default. WhatsApp itself can also see your profile photo, information about yourself, group names, and the descriptions of your communities and groups, as stated in WhatsApp’s privacy policy.

Moreover, WhatsApp is adding more and more features that are not end-to-end encrypted, such as channels. In the politique de confidentialité supplémentaire pour les Canaux WhatsApp…, il est indiqué que WhatsApp collecte et voit littéralement tout à votre sujet : le contenu que vous consultez, la façon dont vous réagissez, les fonctionnalités que vous utilisez, pendant combien de temps, quand, vos recherches, ainsi que toutes les informations concernant vos abonnés. Ils collectent aussi tout ce qui est partagé dans les canaux, comme des textes, vidéos, photos, documents, liens, GIF, autocollants, contenus audio et sondages.

Messages and calls on WhatsApp are still private and end-to-end encrypted, although this cannot be verified because WhatsApp is closed source.

Signal is designed for you and your privacy

The good news is that more and more people are realizing that WhatsApp is not built for user privacy and are switching to Signal, which does prioritize user privacy and security.

On Signal, profile pictures and profile information are private by default for anyone trying to contact you. Everything is end-to-end encrypted, and Signal cannot see anything you share. All your messages, calls, profile information, groups, and contacts are private, as they should be.

In addition, through Settings > Privacy > Phone Number, you can set it so that no one can find you via your phone number on Signal. Anyone who enters your number on Signal will then see a message that you are not a Signal user. The number of times a phone number can be entered is also limited on Signal.

Furthermore, you can also use Signal with a username, so you never have to share your phone number with others to get in touch.

Last but not least, unlike WhatsApp, Signal is open source, which means you don’t have to take their word for it—you can verify everything yourself.

Be careful with WhatsApp and switch to Signal for privacy

Users who want to continue using WhatsApp despite all privacy concerns surrounding Meta should update their privacy settings as soon as possible to prevent their profile picture and profile information from being misused by criminals—for example, to carry out phishing or scams.

The easiest step is, of course, to simply switch to Signal. Because Signal does not focus on making a profit, the developers can fully concentrate on privacy and security. Other apps, like WhatsApp, need to implement various methods and tricks to eventually make money from your private conversations, which often results in less privacy and weaker security, as this major WhatsApp leak has shown once again.

Don’t have Signal yet? Download Signal for free via your app store.