WhatsApp, the Meta-owned messaging platform, is one of the world’s most popular messaging apps. It is estimated that over two billion people use the app, sending about 100 billion messages per day.

It’s no surprise, then, that security concerns, malware threats, and spam appear on WhatsApp. Here’s everything you need to know about the potential dangers of using WhatsApp, including some of the platform's most common security issues and scams. In the end, we'll help you make your judgment on whether you think WhatsApp is safe or not.

1. WhatsApp Web Malware

WhatsApp Web QR code login screen

WhatsApp’s enormous user base makes it an obvious target for cybercriminals, many of whom focus on WhatsApp Web and WhatsApp Desktop.

The app stores on phones—the App Store on iOS and Google Play Store on Android—are more carefully regulated than the internet at large. When you search for WhatsApp on those stores, it’s generally clear which app is the official one. That isn’t true of the wider internet.

Criminals, hackers, and scammers have all taken advantage of this. There have been instances of attackers passing off malicious software as WhatsApp desktop applications. If you are unfortunate enough to have downloaded one of these, the installation can distribute malware or otherwise compromise your computer.

In some cases, hackers were able to install WhatsApp spyware due to a vulnerability, according to a security advisory published by the messaging service in 2019. At the time, Facebook revealed the vulnerability affected all WhatsApp apps (including the business versions) across Android, iOS, Windows Phone, and Tizen OS.

Others tried a different approach, creating phishing websites masquerading as WhatsApp Web and tricking you to enter your phone number to connect to the service. However, they actually use that number to bombard you with spam or link it to other leaked or hacked data on the internet.

To be on the safe side, use only apps and services from official sources. WhatsApp offers a web client for you to use on any computer, known as WhatsApp Web, which you should only access through the WhatsApp website. There are also official apps for Android, iPhone, macOS, and Windows devices that you should use to avoid WhatsApp scams.

Download: WhatsApp for Android | iOS | macOS | Windows (Free)

2. Unencrypted Backups

WhatsApp Unencrypted Backup iOS

The messages you send on WhatsApp are end-to-end encrypted. This means that only your device, and that of the recipient, can decode them. This feature prevents your messages from being intercepted during transmission, even by Meta itself. However, this doesn’t secure the messages once they are decrypted on your device.

WhatsApp allows you to back up your messages and media on Android (Google Drive) and iOS (iCloud). This is an essential feature as it allows you to recover accidentally deleted WhatsApp messages. There is a local backup on your device in addition to a cloud-based backup. These backups contain decrypted messages from your device.

The backup file stored on iCloud or Google Drive is not necessarily encrypted. As this file contains decrypted versions of all your messages, it is theoretically vulnerable and undermines WhatsApp’s end-to-end encryption.

As you have no choice in a backup location, you are at the mercy of the cloud providers to keep your data secure. There are other means that attackers could use to gain access to your cloud storage accounts, too.

Thankfully, WhatsApp updated its service to include end-to-end encrypted chat backups. However, this setting is disabled by default. Go to Settings > Chats > Chat Backup > End-to-end Encrypted Backup and select Turn On to secure your WhatsApp backups. You'll need to create a password to protect your backups. However, remember that you won't be able to access your backups if you forget the password—WhatsApp can't restore it for you.

3. Facebook Data Sharing

WhatsApp data sharing blog post

In January 2021, Meta released a new data-sharing policy for WhatsApp, mandating the transfer of your information between WhatsApp and Facebook. After users complained, the company then noted that it would limit WhatsApp’s features for anyone who doesn’t opt-in.

Later that year, Meta again softened the penalties, although it encouraged users to opt into the new policies. This data-sharing policy can potentially be one of the biggest WhatsApp security risks because it implies that your data will also be vulnerable if Facebook can be hacked.

4. Hoaxes and Fake News

Social media companies have been criticized for allowing fake news and misinformation to spread on their platforms. Meta, in particular, has been condemned for its role in spreading misinformation throughout the 2020 US Presidential campaign. WhatsApp has also been subject to those same forces.

Two of the most notable cases have been in India and Brazil. WhatsApp was implicated in the widespread violence that occurred in India during 2017 and 2018. Messages containing details of fabricated child abductions were forwarded and spread across the platform, customized with local information. These messages were widely shared across people’s networks and resulted in the lynching of those accused of these fake crimes.

In Brazil, WhatsApp was the primary source of fake news throughout the 2018 elections. As this kind of misinformation was so easy to spread, business people in Brazil set up companies that created misinformation campaigns against candidates enabled by the fact that WhatsApp is used for both business and personal communication.

Both issues were ongoing through 2018, a year that was infamously terrible for Meta. Digital misinformation is a difficult problem to deal with, but many viewed WhatsApp’s response to these events as apathetic.

However, the company did implement a few changes. WhatsApp put limits on forwarding, so you can only forward to five groups, rather than the previous limit of 250. The company also removed the forwarding shortcut button in a number of regions, too.

Despite these interventions, early in the COVID-19 pandemic, WhatsApp was used to share misinformation about the virus. Once again, Meta implemented forwarding limits to prevent the spread of incorrect or false information. Similarly, it worked with authorities and health organizations worldwide to develop WhatsApp chatbots, so people could easily access reliable information on the pandemic.

Both scenarios—the 2018 political events and the COVID-19 pandemic—were affected by the same issues: false information being forwarded to multiple people. Due to this, the forwarding limits are permanent on the platform, which does help but is in no way a silver bullet in fighting fake news.

5. WhatsApp Status Privacy Concerns

For many years, WhatsApp’s status feature, a brief line of text, was the only way for you to broadcast what you were doing at the time. This morphed into WhatsApp Status, a clone of the popular Instagram Stories feature.

Instagram is a platform that is designed to be public, although you can make your Instagram profile private if you choose. WhatsApp, on the other hand, is a more intimate service used for communicating with friends and family. So, you may assume that sharing a Status on WhatsApp is private, too.

However, that isn’t the case. Anyone in your WhatsApp contacts can view your Status. Fortunately, it is quite easy to control who you share your Status with. Navigate to Settings > Privacy > Status (on Android, tap the three-dot menu in the top right and select Settings > Privacy > Status), and you’ll be shown three privacy choices for your Status updates:

  • My contacts.
  • My contacts except.
  • Only share with.

Here, ensure the appropriate option is selected. As with Instagram Stories, any videos and photos added to your Status will disappear after 24 hours.

Despite the transient nature of the Status feature, remember that anyone who can view your updates can save a copy without your knowledge. WhatsApp doesn't have a built-in feature for saving Status updates, but anyone can do this by taking a screenshot, screen recording, using WhatsApp Status saving apps, and more.

WhatsApp doesn't let you know if someone saves your update, so be careful not to share anything sensitive. Before such a feature is available, here are some tips for making your WhatsApp account more private and secure.

6. WhatsApp Job Scams

Online job scams are pretty common—and with its popularity, fraudsters also use WhatsApp to share job scams. This explains why you may be getting recruitment messages on WhatsApp.

The sender may impersonate a recruiter or recruitment companies, with the most popular option being high-profile organizations and companies like World Health Organization, UNICEF, and Microsoft.

WhatsApp job scams mainly involve the sender sharing a link with a brief description. These fake job offers use high salaries as bait and typically want the receiver to send money upfront to secure a spot. Once you send the money, you will never hear from the recruitment impostor again. There are different ways to spot WhatsApp scams; you should learn them if you want to stay ahead of fraudsters.

Is WhatsApp Safe?

So, is WhatsApp safe to use? WhatsApp is a confusing platform. On the one hand, the company implemented end-to-end encryption in one of the world’s most popular apps, a definite security upside. However, there are many WhatsApp security concerns.

One of the primary issues is that it is owned by Meta and suffers many of the same privacy dangers and misinformation campaigns as its parent company. In conclusion, after factoring in all the above, is WhatsApp safe or not? That's up to you.