WhatsApp is the most popular messenger, surpassing 2 billion users this month. One of the most used functions in WhatsApp is the group chat function. To add participants to groups, the administrator has the option of adding individual numbers manually or sharing a link. This seemed to be the problem. Journalist Jordan Wildon discovered that numerous private WhatsApp group invitation links could be found using the Google search engine for several hours. WhatsApp has now fixed the problem.
Your WhatsApp groups may not be as safe as you think.
The “Invite to a group via link” feature allows Google to index the groups and they are generally available on the Internet. With a few wildcard search terms, you can easily find some… interesting… groups. pic.twitter.com/hbDlyN6g3q
– Jordan Wildon (@JordanWildon) February 21, 2020
Wildon discovered that Google’s invite links from WhatsApp were indexed and found by the Google search operator “site:” and the subsequent link “Chat.WhatsApp.com”. Twitter user Jane Manchun Wong eventually discovered that Google achieved more than 470,000 results when searching for the URL “site: chat.whatsapp.com”. Many of the results are invitations for private groups. Obviously, this was a serious data protection issue, as all the phone numbers and names of the participants can be seen when joining the group.
Misconfiguration of WhatsApp allowed ~ 470k Group Invite links to be indexed by search engines
It should have been “Not allowed” with robots.txt or with the “noindex” meta tag
thanks @JordanWildon for the advice https://t.co/CJxjJ5qyfh pic.twitter.com/FrW1I9Y8vs
– Jane Manchun Wong (@wongmjane) February 21, 2020
Google sees the problem with WhatsApp
Google employee Danny Sullivan sees the problem with WhatsApp and tweeted about the situation: “Search engines like Google and others list pages on the open web. This is exactly what is happening here. It is no different from any case where URLs can be publicly posted on a website. ” According to him, WhatsApp must take important measures to prevent search engines from displaying such content. Jane and Danny emphasize that the problem is due to a lack of foresight on WhatsApp’s part. According to them, WhatsApp only has to use the meta tags “noindex” or “norobots.txt” to exclude the links from being displayed in search engines. This is exactly what WhatsApp seems to have done now. Currently, the links can no longer be found.
WhatsApp sees the problem with group admins
A WhatsApp spokesperson justified himself to Vice, saying, “Group admins in WhatsApp groups can invite any WhatsApp user to join this group by sharing a link they have generated. Like all content shared on public search channels, other WhatsApp users can find publicly posted invitation links on the Internet. Links that users want to share privately with people they know and trust should not be posted on a publicly accessible website. “
WhatsApp does not see the problem primarily with itself, but with group admins who recklessly shared the links online. Ultimately, however, thousands of group chat invite links were visible because WhatsApp refuses to take action against them. Now, the Facebook subsidiary has shown insight and taken action.