Data Privacy: WhatsApp may not, but your keyboard may

“Lanre, have you seen the new WhatsApp privacy policy,” my boss asked as he arrived at the office. At this time, I haven’t seen the new policy because my WhatsApp was not the latest version.

But I had checked some trend comment after seeing WhatsApp in my top Twitter trend. Most comments, however, were not from Nigerians.

WhatsApp, a cross-platform free messaging service has been under cross-fire for its mandatory request that its users must agree to its privacy policy update.

Users were more worried about the content of the policy than the mandated deadline itself.

In the Information You And We Share section of the key updates WhatsApp stated that; “You share your information as you use and communicate through our Services, and we share your information to help us operate, provide, improve, understand, customize, support, and market our Services.

“We work with third-party service providers and other Facebook companies to help us operate, provide, improve, understand, customize, support, and market our Services.

“We work with these companies to support our Services, such as to provide technical infrastructure, delivery and other systems; market our Services; conduct surveys and research for us; protect the safety, security and integrity of users and others; and assist with customer service.

“When we share information with third-party service providers and other  Facebook Companies  in this capacity, we require them to use your information on our behalf in accordance with our instructions and terms.”

Based on the above, it can be deduced that WhatsApp indeed shares users data with Facebook, its parent company. Facebook acquired WhatsApp in 2014 for a whopping sum of $19 billion.

However, the shared data cannot be ascertained if it includes users messages which it promised would be end-to-end encrypted.

But based on the key updates, the shared data may include Your Account Information (phone contacts); Your Connections; Status Information; Transactions And Payments Data (for countries like India where such is enabled); Usage And Log Information; Device And Connection Information; Location Information; Cookies; Information Third-Parties Provide About You; User Reports; Businesses you interact with On WhatsApp.

End-to-end message encryption

WhatsApp stated in a blog post it does not try to access users messages (chats).

“We do not retain your messages in the ordinary course of providing our Services to you. Instead, your messages are stored on your device and not typically stored on our servers. Once your messages are delivered, they are deleted from our servers.

The following scenarios describe circumstances where we may store your messages in the course of delivering them:

“If a message cannot be delivered immediately (for example, if the recipient is offline), we keep it in encrypted form on our servers for up to 30 days as we try to deliver it. If a message is still undelivered after 30 days, we delete it.

“When a user forwards media within a message, we store that media temporarily in encrypted form on our servers to aid in more efficient delivery of additional forwards.

“We offer end-to-end encryption for our Services. End-to-end encryption means that your messages are encrypted to protect against us and third parties from reading them.”

Also in a Twitter and blog post to defend itself after an outcry from users and tech community, WhatsApp reassured users of their chat privacy.

The company noted that its “privacy policy update does not affect the privacy of your messages with friends or family.”

In a tweet post, Will Cathcart, head of WhatsApp and Facebook said; “With end-to-end encryption, we cannot see your private chats or calls and neither can Facebook. We’re committed to this technology and committed to defending it globally.”

Can WhatsApp spy on my chats?

Based on the platforms claim, they cannot. So far the chats remain end-to-end encrypted, this claim holds.

End-to-end encryption technology applies encryption to messages. Think of it this way, when a message is sent from a user, it is padlocked such that even the platform (WhatsApp) cannot unlock it. It is only the receiver’s phone that can unlock it.

This means the message becomes unlocked only after the receiver gets it. Since WhatsApp messages are stored locally on your phone, the platforms server cannot have access to it even afterwards.

The WhatsApp new update was notifying users they will be sharing other data aside their chats with third-parties (including Facebook and Instagram).

Internet users have become more concern about their privacy over the years as many Ad companies such as Google and Facebook have turned such data into a money mine.

Virtual keyboard

Although WhatsApp can’t access users chats, there is another software that can do that, your virtual keyboard!

Keyboard apps have the capacity to collect usage data. While typing on WhatsApp, the message only becomes encrypted after hitting the send button. Prior to this time, your keyboard software may have collected the typed-in words and store it on the developer’s server.

Grammarly for instance collects such data to improve its service. In its privacy policy, it stated that it collects user content; “This consists of all text, documents, or other content or information uploaded, entered, or otherwise transmitted by you in connection with your use of the Services and/or Software.

Grammarly keyboard may also “obtain access to the names of your contacts on your device. This access helps the Grammarly Keyboard recognize when you are typing names so it can make appropriate suggestions (for example, if you misspell a name).”

Likewise Google voice typing, Google keyboard (Gboard), Samsung keyboard, among others. The data they collect can be shared with third-parties.

Keyboards and privacy scandal

Ai.type virtual keyboard in 2017 was reported to have harvested personal data of over 31 million users. Likewise, GO Keyboard was also investigated in 2017 for intrusive ads and was found to be collecting extensive user data including Google account information.

Hackers have also been exploring the usage of keyboards to spy on unsuspecting users. This software is called keyloggers. When deployed on a smartphone, it takes inventory of all keystrokes  (all typed characters). Attackers can use it to obtain bank account information;  login details; and even call logs.

Data privacy will continue to remain a huge problem as the usage of the internet continues to grow. However, the internet users will also become more cautious of their privacy and how it is being used.

This trend has seen Google employing cookieless ads; people ditching Google for DuckDuckGo;  more than 25 million users ditching WhatsApp for Telegram and also the rise in the usage of instant messaging platforms like Signal.

Sharing is Caring ... Please Share to Any...


Please enter your comment!
Please enter your name here