The Office of the Privacy Commissioner of Canada (OPC) and the Dutch Data Protection Authority (CBP) say that WhatsApp has taken some steps towards ensuring that its messaging app doesn’t violate any privacy laws. However, they’re still not 100% satisfied.
One year ago, the OPC initiated a complaint against WhatsApp on the grounds that the app was handling personal information in a way that violated the country’s privacy laws.
In the meantime, WhatsApp has made significant improvements, but Dutch and Canadian authorities are still not satisfied with the fact that, in most cases, the app accesses the address book without requesting permission from the user.
“The investigation revealed that users of WhatsApp – apart from iPhone users who have iOS 6 software – do not have a choice to use the app without granting access to their entire address book. The address book contains phone numbers of both users and non-users,” said Jacob Kohnstamm, chairman of the Dutch Data Protection Authority.
“This lack of choice contravenes (Dutch and Canadian) privacy law. Both users and non-users should have control over their personal data and users must be able to freely decide what contact details they wish to share with WhatsApp.”
One of the issues highlighted by the investigation was a flaw that could have allowed cybercriminals to hijack user accounts. After the vulnerabilities were uncovered, WhatsApp made some modifications, but experts have found a way to re-enable the attack method.
Now, the agencies urge users to update to the latest version to protect themselves against such attacks.
The OPC and the CBP were also unhappy with the fact that the messages sent via WhatsApp were not encrypted. However, in September 2012, the company introduced encryption to its services.
According to the Dutch and Canadian data privacy guardians, the joint investigation marks a milestone in global privacy protection.