The official Google Play store has removed a game after it was found to be secretly stealing users’ WhatsApp conversations, and putting them on sale on a website.
Balloon Pop 2 allowed the developers to snatch private conversations made via WhatsApp on Android devices, and upload them to a website called WhatsAppCopy.
Further research on the whatsappcopy.com website reveals that the intention of the app is not for the developers to read your conversations, but for people who might want to read their friends or family’s conversations secretly.
For example, the app could be secretly downloaded onto a target phone, or you might tell your friend about this ‘cool new game’. Once the target has downloaded the app, which featured no warning that data will be taken, the perpetrator can go the whatsappcopy.com website, enter in the target phone number, and pay for access to the target’s WhatsApp conversations.
The WhatsAppCopy website advertises the Balloon Pro 2 game as a way of "backing up" a device’s WhatsApp conversations, sneaky.
This way, the people behind the game seem to be able to prove they’re providing a legitimate backup service, and it’s not their fault if people misuse it. However, surely they should be advertising it with a warning message that people could use this to snoop?
What’s the lesson here? As always, not everything in the Google Play store can be trusted. Double check the app’s permissions, and always have an up-to-date security app running to avoid all that malware. WhatsApp also need to improve on its security, and maybe start encrypting data. This kind of thing wouldn’t happen on BBM, so maybe WhatsApp needs to step up a gear.
