Makerere University


Security Flaw In WhatsApp Web


By Kobusinge Erinah

WhatsApp, which claims to have over 500 million users across the globe, switched on a service that enables sending messages from the Google Chrome web browser.

To access the service, WhatsApp users simply visit in their Google Chrome web browser where they will be prompted to open the app on their phone and scan a QR code. All WhatsApp messages and their histories are then ‘mirrored’ in the web browser. (At this stage, the offering is only available on Google Chrome.)


What about privacy?

But staying logged in to WhatsApp on the browser could put you at risk of having your privacy compromised if your computer is accessed by a stranger.

Once a computer and a phone have been linked up, anyone with access to the desktop could simply fire up WhatsApp Web without being prompted for any authentication details, and all the information from the phone’s WhatsApp is displayed on the screen. There is absolutely no obvious indication on the phone that the desktop is currently being used, so the WhatsApp user has no idea that someone is spying on the conversations. This is possible because the phone doesn’t even need to be on the same Wi-Fi network as the desktop; it just needs an internet connection, so the victim can be anywhere in the world.

WhatsApp on the web browser does indeed stay logged in, even after exiting the browser. Users of WhatsApp are also not overtly notified on their smartphones when the linked application on the web browser is open and being used.

WhatsApp technically does notify users on their phones of their last activity on the web browser version. But this functionality is hidden as users have to press on the 'WhatsApp Web' settings in the mobile app to find this information. This is a menu option that users have to actively find rather than being passively told via the likes of, for example, a push notification.

I am surprised that WhatsApp didn’t think this could be an issue. Should WhatsApp implement a simple notification on the phone whenever the desktop is connected, that is enough to alert someone that they are being watched.


Protect your messages

In the meantime, there are ways to protect your messages if you are intent on using the web browser version of WhatsApp.

The first method is to ensure you log out of WhatsApp on the web browser when you are done using it.

This can be done by clicking on the menu option in the WhatsApp web version and logging out.

You can physically log out of the web version of WhatsApp.

Users can also log out by opening WhatsApp on their smartphones, tapping on settings (the three dots), selecting 'WhatsApp Web' and then selecting ‘log out from all computers’.


There is a 'keep me signed in' option when you set up WhatsApp Web. If you uncheck this box, you will be signed out after about 5 minutes of inactivity in your browser and you will have to scan the QR code in the browser again to gain access. If you opt to remain signed in, then simply closing the tab won’t sign you out: you can close the browser tab and later re-open it to access all your messages again without signing in. If you are on a shared computer or at work, you probably don’t want to use this option.
