SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Users pay with personal data - Kaspersky on WhatsApp move to share data with Facebook
Tue, 19th Jan 2021
FYI, this story is more than a year old

Messaging app WhatsApp has asked its two billion users to accept new terms and conditions that will allow the platform to share more information with parent company Facebook and roll out advertising and eCommerce.

The update sparked criticism among users as they must accept the changes or see their access to the service - which also allows encrypted voice and video calls - cut off from Feb 8.

According to Kaspersky, the update is another example of users having to pay with their data in order to use "free" services.

"Nothing is truly free, and, unfortunately, the current business model for free services means that, essentially, we pay with our data," says Anna Larkina, senior researcher at Kaspersky.

Larkina says social networks, some messengers and search engines make money off of advertising, and the more personalised it is the better.

"In fact, Facebook and other companies have been doing this through its services for the past few years," she says.

"The good news is that 1) Most of the companies, including Facebook, are being transparent about its policies and 2) WhatsApp doesn't read your conversations because it includes end-to-end encryption. All they're tracing is technical and account information."

Moving forward, Larkina says the integration between Facebook and WhatsApp will only continue to increase, and users will need to decide what level of information sharing they're comfortable with and which messaging applications they prefer.

"Luckily there is a variety of alternative messaging platforms and currently users can decide for themselves what works best for them," she says.

Which messenger is safer for users?

Victor Chebyshev, mobile threat researcher at Kaspersky, says most messaging apps are relatively safe since they use encryption when sending messages.

"On iOS, this fact makes such applications really quite reliable. However, it's worth remembering that the user may face an attack on the device or an attempt by attackers to infect it," he says.

"That's why, on Android, the situation is a bit different, since, for example, there is a built-in Accessibility Service," Chebyshev says.

"Attackers are known to have exploited the capabilities of this service in order to collect user data. In particular, last year, we discovered stalkerware that could receive the text of incoming and outgoing messages from instant messengers using this standard function," he explains.

In order to protect your data, Chebyshev recommends that mobile device users adhere to the following rules:

·         Don't download messengers and other programs from third-party sources. Use only official application marketplaces.

·         If possible, acquaint yourself with the user agreement. There are situations when the developer of the app openly warns that they may share user data with third-parties.

·         Do not follow suspicious links from messages, even if they were sent to you by your friends.

·         Use security solutions when possible on your mobile devices.

·         Pay attention to which permissions downloaded applications request. If the requested permission is not necessary for the full functioning of the application, then there is a reason to be wary. For example, the flashlight app clearly doesn't need access to the microphone.