Should businesses worry about the encryption and security of Whatsapp?
Is the security vulnerability of Whatsapp a backdoor for Gov snooping as some proclaim?
Some experts say the vulnerability is a known “trade-off” due to the size of Whatsapp’s user base and can hardly be used for mass surveillance.
However, since Whatsapp always highlights its privacy and security, this raises some serious questions for its users.
Enterprises and employees, which use Whatsapp for business purposes, ask themselves if they can rely on the encryption
and security of Whatsapp?
Let’s have a look at the encryption question first. Let’s assume some security experts are right and this is a small
vulnerability, which can only be exploited in exceptional cases. Does that mean overall the encryption is still secure
for businesses? The answer for most enterprises is clearly no. Whatsapp does only encrypt the messages, but not the
meta data. Thus Whatsapp e.g. knows who you communicate with, how often you communicate with them, how long you interact
with them, which 1:1 and group chats you are part of, etc. Normally this meta data is actually more important than
the messages itself. That’s why intelligence agencies love the meta data. Meta data gives Whatsapp an excellent overview
of your social and – in this case – your business relations and their importance.
In addition, in many cases the meta data easily gives a clue about the end-to-end encrypted content. For example, when
you communicate with a specific supplier, it is clear that you are interested in a certain component. When you intensively
exchange with a customer, it is obvious that he is interested in buying your product. When you talk to a certain
consultant, you probably look for advise on a topic. When you consult a specific doctor, you probably need special
medical aid. When you regularly connect with a competitor, you might contemplate a merger. And so on… In summary
it can be said, that by using Whatsapp businesses potentially disclose much more information then it might appear.
And all this data will
end up with and be used by Facebook.
Now lets talk about the second part of the question: Does Whatsapp provide security, data protection and compliance for
businesses? Again, the answer for most enterprises is clearly no. This can be easily shown by asking a list of questions:
Actually there are even more questions on the security, data protection and compliance of Whatsapp, that businesses could
ask. If you have a look at our blog posts on the
damages of the usage of Whatsapp for business purposes, you will get a good idea what other topics are important
for your enterprise.
Whatsapp does not provide the security, encryption, data protection and compliance required by businesses.
For a secure, private, protected and compliant communication with colleagues and teams, businesses need a dedicated
enterprise messaging app like Teamwire.