New Delhi: A privacy bug in WhatsApp allows strangers to view users' profile pictures, even if they have been set to ‘contacts only', a security researcher has found.
The flaw was discovered by 17-year-old Indrajeet Bhuyan, who showed the problem lies with the latest web version of the popular messaging platform which allows you to chat via your browser with your WhatsApp contacts.
Users are able to set WhatsApp so that it only shares their profile photo with people they have as contacts. But the bug allows people to get around that and see the profile photos of strangers.
The researcher also claimed that if a user sends a photo which is subsequently deleted, it's not blurred out, as happens on the mobile version and can be seen by others.
However there are some security experts who believe that it's not the most serious privacy breach that has ever occurred. The fact of the matter is that WhatsApp users chose to keep their profile photos private, and their expectation is that WhatsApp will honour their choices and only allow their photos to be viewable by those who the user has approved.
WhatsApp has been committed to ensuring security and privacy for its users, recently introducing end-to-end encryption.
The apps web client was introduced on January 21. While many were excited to finally be able to read and respond to messages from their PC, it also disappointed other users with its limited compatibility and functions.
Bhuyan has found holes in WhatsApp before, previously finding a way of forcing the app to crash on Android phones by sending a small message to users.
WhatsApp was bought by Facebook – which has previously been accused of failing to protect the privacy of its customers – for $19bn in February last year.