Security researcher Athul Jayaram has found a major privacy issue in WhatsApp that can leave users' phone numbers in the public domain. The cause is the Click to Chat (“direct link”) feature, which allows Google's search crawlers to index user data.
The Click to Chat feature, available in the app and the web version of WhatsApp, lets you contact someone whose number is not stored in your address book. You can create a link (of the form “https://wa.me/”) that, when clicked, automatically opens a chat with that person.
As Jayaram found, Click to Chat does not encrypt the data and adds it directly to the wa.me domain, which is owned by WhatsApp. As a result, phone numbers end up on public display, because search engines can index the metadata included in the link.
The researcher personally found about 300 thousand valid phone numbers in Google results, TechRadar writes. The user's full name is hidden, but the WhatsApp profile picture remains visible.
“Your number is shown in the link in plain text, and anyone who receives it will be able to find out your phone number. This cannot be undone,” the expert explained. “Having obtained the numbers, an attacker can message and call their owners, and also sell this data to marketers, spammers and fraudsters.”
According to Jayaram, he reported the problem to Facebook (which owns WhatsApp), but the company considered it insignificant. It explained that users who create a public link knowingly consent to the publication of this data. As for spam, the company pointed out that “all users of WhatsApp, including business, can block unwanted messages with one click”.