WhatsApp

From Wikipedia, the free encyclopedia - View original article

WhatsApp
WhatsApp logo.svg
Developer(s)WhatsApp Inc.
Stable release
Operating systemGoogle Android, BlackBerry OS, Apple iOS, Nokia Series 40, Nokia Asha platform, Symbian, and MS Windows Phone
Available inMultilingual
TypeInstant messaging
LicenseProprietary
Websitewww.whatsapp.com
 
Jump to: navigation, search
WhatsApp
WhatsApp logo.svg
Developer(s)WhatsApp Inc.
Stable release
Operating systemGoogle Android, BlackBerry OS, Apple iOS, Nokia Series 40, Nokia Asha platform, Symbian, and MS Windows Phone
Available inMultilingual
TypeInstant messaging
LicenseProprietary
Websitewww.whatsapp.com

WhatsApp Messenger is a proprietary, cross-platform instant messaging subscription service for smartphones. In addition to text messaging, users can send each other images, video, and audio media messages. The client software is available for Google Android, BlackBerry OS, BlackBerry 10, Apple iOS, Nokia Series 40, Symbian S60, Nokia Asha platform and MS Windows Phone. WhatsApp Inc. was founded in 2009 by American Brian Acton and Ukrainian Jan Koum (also the CEO), both former employees of Yahoo!, and is based in Santa Clara, California.[1][2]

Competing with a number of Asian-based messaging services (like LINE, KakaoTalk, and WeChat), WhatsApp handled ten billion messages per day in August 2012,[3] growing from two billion in April 2012[4] and one billion the previous October.[5] On 13th June, 2013, WhatsApp announced on Twitter[6] that they had reached their new daily record by processing 27 billion messages. According to the Financial Times, WhatsApp "has done to SMS on mobile phones what Skype did to international calling on landlines."[7]

As of November 10, 2013, WhatsApp has over 190 million monthly active users, 400 million photos are shared each day, and the messaging system handles more than 10 billion messages each day.[8][9]

Technical[edit]

WhatsApp uses a customized version of the open standard Extensible Messaging and Presence Protocol (XMPP).[10] Upon installation, it creates a user account using one's phone number as username (Jabber ID: [phone number]@s.whatsapp.net). WhatsApp software automatically compares all the phone numbers from the device's address book with its central database of WhatsApp users to automatically add contacts to the user's WhatsApp contact list. Previously the Android and S40 versions used an MD5-hashed, reversed-version of the phone's IMEI as password,[11] while the iOS version used the phone's Wi-Fi MAC address instead of IMEI.[12][13] A recent update now generates a random password on the server side.[14]

WhatsApp is supported on most Android, BlackBerry, iPhone, Nokia, and Windows smartphones. All Android phones running the Android 2.1 and above, all Blackberry devices running OS 4.7 and later, and all iPhones running iOS 4.3 and later. However, some Dual SIM devices may not be compatible with Whatsapp, though there are some workarounds for this.[15]

Multimedia messages are sent by uploading the image, audio or video to be sent to a HTTP server and then sending a link to the content along with its Base64 encoded thumbnail (if applicable).[16]

Security[edit]

In May 2011, a security hole was reported which left WhatsApp user accounts open for session hijacking and packet analysis.[17] WhatsApp communications were not encrypted, and data was sent and received in plaintext, meaning messages to easily be read if packet traces are available.[18] In September 2011, WhatsApp released a new version of the Messenger application for iPhones, closing critical security holes that allowed forged messages to be sent and messages from any WhatsApp user to be read.[19]

On January 6, 2012, an unknown hacker published a website (WhatsAppStatus.net) that made it possible to change the status of an arbitrary WhatsApp user, as long as the phone number was known. To make it work, it only required a restart of the app. According to the hacker, it is only one of the many security problems in WhatsApp. On January 9, WhatsApp reported that it had resolved the problem, although the only measure actually taken was to block the website's IP address. As a reaction, a Windows tool was made available for download providing the same functionality. This problem has since been resolved in the form of an IP check on currently logged in session.[20][21]

On January 13, 2012, WhatsApp was pulled from the iOS App Store, and the reason was not disclosed. The app was added back to the App Store four days later.[22]

In May 2012, security researchers noticed that new updates of WhatsApp no longer sent messages as plaintext,[23][24][25] the cryptographic method implemented was subsequently described as "broken".[26][27] As of August 15, 2012, the WhatsApp support staff claim messages are encrypted in the "latest version" of the WhatsApp software for iOS and Android (not including BlackBerry, Windows Phone and Symbian), without specifying the implemented cryptographic method.[28]

German Tech site The H demonstrated how to use WhatsAPI to hijack any WhatsApp account on September 14, 2012.[29] Shortly after a legal threat to WhatsAPI's developers was alleged, characterized by The H as "an apparent reaction" to security reports, and WhatsAPI's source code was taken down for some days.[30] The WhatsAPI team has since returned to active development.[31]

Privacy[edit]

A major privacy and security problem has been the subject of a joint Canadian-Dutch government investigation. The primary concern was that WhatsApp required users to upload their entire mobile phone's address book to WhatsApp servers so that WhatsApp could discover who, among the users' existing contacts, is available via WhatsApp. While this is a fast and convenient way to quickly find and connect the user with contacts who are also using WhatsApp, it means that their address book was then mirrored on the WhatsApp servers, including contact information for contacts who are not using WhatsApp. This information was stored in hashed, though not salted form and without "additional" identifying information such as a name, although the stored identifying information is sufficient to identify every contact.[32][33][34][35]

WhatsApp uses a timestamp feature, which gives the ability to view the last time a user was logged-on (or "Last seen"), unless expressly blocked by said user. This feature is considered to be a privacy problem. While iPhone users can choose to disable this feature, Android users cannot.[36]

WhatsApp allows you to view the profile picture and current "Status" of every user, as long as that user is enlisted in Contacts.[37]

On March 31, 2013, the telecommunications authority in Saudi Arabia, the Communications and Information Technology Commission (CITC), issued a statement regarding possible measures against WhatsApp, among other applications, unless the service providers took serious steps in order to comply with monitoring and privacy regulations.[38]

See also[edit]

References[edit]

  1. ^ El pais, 2012 Jul 9  .
  2. ^ Eric, Jackson (December 3, 2012). "Why Selling WhatsApp To Facebook Would Be The Biggest Mistake of Jan Koum's and Brian Acton's Lives". Forbes. Retrieved 3 May 2013. 
  3. ^ Olanof, Drew (August 23, 2012). "WhatsApp hits new record with 10 billion total messages in one day". The Next Web. Retrieved January 29, 2008. 
  4. ^ Sushma, Parab (April 4, 2012). "WhatsApp founder to operators: ‘We're no SMS-killer, we get people hooked on data’". The Next Web. Retrieved January 29, 2013. 
  5. ^ Olanoff, Drew (October 31, 2011). "WhatsApp users now send over one billion messages a day". TheNextWeb. Retrieved January 29, 2013. 
  6. ^ WhatsApp, 27 Billion msgs handled in just 24 hours! (µblog), Tweeter, "New daily record: 10B+ msgs sent (inbound) and 17B+ msgs received (outbound) by our users" 
  7. ^ Bradshaw, Tim (November 14, 2011). "WhatsApp users get the message". The Financial Times (London). Retrieved January 29, 2013. 
  8. ^ "What’s app: 190 million monthly active users", The Verge, 2013-8-6, retrieved 2013-10-22  .
  9. ^ Parmy Olson (10 November 2013). "Teenagers say goodbye to Facebook and hello to messenger apps". The Guardian. Retrieved 11 November 2013. 
  10. ^ Shakal (March 22, 2011). "WhatsApp? Nicht ohne Risiken" [http://translate.google.com/translate?hl=de&sl=de&tl=en&u=http%3A%2F%2Fshakal.blog.de%2F2011%2F03%2F22%2Fwhatsapp-risiken-10872342%2F WhatsApp? Not without risks] (Google Translate) (World Wide Web log) (in German). DE. Retrieved January 29, 2013. .
  11. ^ Team Venomous (venomous0x). "Interface to WhatsApp Messenger" (blog). GitHub. Retrieved January 26, 2013. 
  12. ^ Amodio, Ezio (September 11, 2012). "Whatsapp – iOS password generation". IT. Retrieved January 29, 2013. 
  13. ^ Granger, Sam (September 5, 2012). "WhatsApp is using IMEI numbers as passwords". Retrieved January 29, 2013. 
  14. ^ "Wassapp login issues" (blog). Lowlevel Studios. December 11, 2012. Retrieved January 29, 2013. "Wassapp is a PC application developed to be a non-official client for WhatsApp Messenger" 
  15. ^ Emenike, Kelechi (September 16, 2013). "Download WhatsApp on non-compatible Dual-SIM Phones" (blog). NG: ECHO. Retrieved September 29, 2013. 
  16. ^ Team Venomous (venomous0x) (November 28, 2012) [May 29, 2012]. "WhatsAPI / README.md" (blog). GitHub. Retrieved January 29, 2013. 
  17. ^ McCarty, Brad (May 23, 2011). "Signup goof leaves WhatsApp users open to account hijacking". The Next Web. Retrieved January 29, 2013. 
  18. ^ Brookehoven, Corey (May 19, 2011). "Whatsapp leaks usernames, telephone numbers and messages". Your daily Mac. Retrieved July 18, 2011. [dead link]
  19. ^ Kurtz, Andreas (September 8, 2011). "Shooting the Messenger". Retrieved September 11, 2011. 
  20. ^ Schellevis, Joost (January 12, 2012). "What’s app status: van Anderen os nog steeds te wijzigen" (in Dutch). Tweakers. Retrieved January 12, 2012. 
  21. ^ rvdm (January 12, 2012). "How What’s app net works". Wire trip. Retrieved April 7, 2013. 
  22. ^ Reventós, Laia (July 3, 2012). "Dentro de WhatsApp" [Inside What’s app]. El Pais (in Spanish) (Madrid). Retrieved January 26, 2013. 
  23. ^ "Whatsapp ya cifra los mensajes" [What’s app already encrypts messages]. Mi equipo está loco (in Castilan). ES: IT Pro. May 11, 2012. Retrieved May 31, 2012. 
  24. ^ BB, David (May 8, 2012). "Twitter" (status). Retrieved May 31, 2012. 
  25. ^ Sp0rk bomb (May 10, 2012). "Twitter". Retrieved May 31, 2012. 
  26. ^ "WhatsApp is broken, really broken". File perms. September 12, 2012. Retrieved February 8, 2013. 
  27. ^ djwm (May 13, 2012). "Sniffer tool displays other people's WhatsApp messages". H (online ed.). Heinz Heise. Retrieved January 29, 2013. 
  28. ^ "Are my messages secure?". WhatsApp (FAQ). Zendesk. August 15, 2012. Retrieved January 29, 2013. 
  29. ^ fab (September 14, 2012). "WhatsApp accounts almost completely unprotected". The H (online ed.). Heinz Heise. Retrieved January 26, 2013. 
  30. ^ crve (September 25, 2012). "WhatsApp threatens legal action against API developers". The H (online ed.). Heinz Heise. Retrieved January 26, 2013. 
  31. ^ wnstnsmth (September 30, 2012). "WhatsAPI sources back online". The H (online ed.). Heinz Heise. Retrieved January 26, 2013. 
  32. ^ Wisniewski, Chester (January 29, 2013). "WhatsApp's privacy investigated by joint Canadian-Dutch probe". Naked security (Sophos). Retrieved January 29, 2013. 
  33. ^ "Investigation into the personal information handling practices of WhatsApp Inc.". Findings under the Personal Information Protection and Electronic Documents Act (PIPEDA). Report of Findings. Privacy Commissioner of Canada. January 15, 2013. 2013-001. Retrieved January 29, 2013. 
  34. ^ gh, h (January 28, 2013). "WhatsApp could face prosecution on poor privacy". IDG (CXO Media). Retrieved January 29, 2013. "Dutch and Canadian privacy commissioners conducted a yearlong investigation into the popular mobile app" 
  35. ^ "How do I hide my last seen at time?". Android FAQ (What’s app). 
  36. ^ "5. User Status Submissions". Legal Info. WhatsApp. 
  37. ^ "CITC warns Skype, Viber, WhatsApp". Saudi Gazette (Jeddah). March 31, 2013. 

External links[edit]

Reviews[edit]