Should businesses worry about the encryption and security of Whatsapp?
Is the security vulnerability of Whatsapp a backdoor for Gov snooping as some proclaim?
Some experts say the vulnerability is a known “trade-off” due to the size of Whatsapp’s user base and can hardly be used for mass surveillance.
However, since Whatsapp always highlights its privacy and security, this raises some serious questions for its users.
Enterprises and employees, which use Whatsapp for business purposes, ask themselves if they can rely on the encryption and security of Whatsapp?
Let’s have a look at the encryption question first. Let’s assume some security experts are right and this is a small vulnerability, which can only be exploited in exceptional cases. Does that mean overall the encryption is still secure for businesses? The answer for most enterprises is clearly no. Whatsapp does only encrypt the messages, but not the meta data. Thus Whatsapp e.g. knows who you communicate with, how often you communicate with them, how long you interact with them, which 1:1 and group chats you are part of, etc. Normally this meta data is actually more important than the messages itself. That’s why intelligence agencies love the meta data. Meta data gives Whatsapp an excellent overview of your social and – in this case – your business relations and their importance.
In addition, in many cases the meta data easily gives a clue about the end-to-end encrypted content. For example, when you communicate with a specific supplier, it is clear that you are interested in a certain component. When you intensively exchange with a customer, it is obvious that he is interested in buying your product. When you talk to a certain consultant, you probably look for advise on a topic. When you consult a specific doctor, you probably need special medical aid. When you regularly connect with a competitor, you might contemplate a merger. And so on… In summary it can be said, that by using Whatsapp businesses potentially disclose much more information then it might appear. And all this data will end up with and be used by Facebook.
Now lets talk about the second part of the question: Does Whatsapp provide security, data protection and compliance for businesses? Again, the answer for most enterprises is clearly no. This can be easily shown by asking a list of questions:
Actually there are even more questions on the security, data protection and compliance of Whatsapp, that businesses could ask. If you have a look at our blog posts on the disadvantages and damages of the usage of Whatsapp for business purposes, you will get a good idea what other topics are important for your enterprise.
Whatsapp does not provide the security, encryption, data protection and compliance required by businesses. For a secure, private, protected and compliant communication with colleagues and teams, businesses need a dedicated enterprise messaging app like Teamwire.