A Dutch developer, Maikel Zweerink claimed that WhatsApp has a vulnerability in its privacy setting which can be manipulated to stalk a particular user.
Zweerink claims that WhatsApp can be easily bypassed using a software kit dubbed ‘WhatsSpy Public,’ which exposes the user’s online status, profile picture, status messages to strangers, even if the setting is ‘private’.
The spying software allows smartphone users with a phone number, which is not linked to a WhatsApp account, to spy on users of WhatsApp.
Previously, the app showed ‘online’ and ‘last seen’ statuses but, following a recent update, the company added features to hide it, which can be broken using the software.
Zweerink said: "The privacy options in WhatsApp act like they give you full control over your status in Whatsapp meanwhile they only affect a very limited scope."
"Sure, the last seen, profile picture and status options do work, but probably not as the user intented it to."
"The ability for an complete stranger to follow your in-app status is pretty creepy and might be abused already. This is not an "hack" or "exploit" but it’s broken by design."
The developer of WhatsSpy Public claims that the software is a ‘proof of concept’ which is designed to show the flaw that the app has, and not as a tool to exploit.
