Are you afraid that someone could enter your WhatsApp without permission and spy on all the conversations you have with your friends? You’re a little paranoid, let me tell you, but deep down, you’re right to worry about topics like cybersecurity. As safe as it may be, WhatsApp is the fruit of human labor, and, as such, it is not perfect. This means it can have weaknesses or real security holes that could allow malicious people to intercept other people’s communications. If you want to learn more and dispel any reasonable doubt about the privacy of your communications, take a few minutes of free time and let me help you.
Some “tips” on understanding if WhatsApp is being spied on, and I will suggest some common sense practices that you can implement to make your chats safer. I assure you that it is nothing particularly difficult, indeed, purely technical there is very little to understand. Despite end-to-end encryption, there are “tricks” with which some attackers could read our messages. Here’s how to protect yourself. WhatsApp has recently updated its privacy policy, ensuring maximum security thanks to the end-to-end encryption tool.
This system allows only the sender and recipient (or recipients, in the case of groups) to access the content messages. However, the system does not completely keep away the “crafty” who can still access our conversations and media sneakily – using WhatsApp Web. WhatsApp Web is the extension that allows you to access chats from a tablet or PC, downloading content or sending messages (including audio): a good help to those who use the social network for work or to those who want to have access, on their computer, files, and media that have been sent to him in chat.
Using it is very simple: log into your account by scanning the QR code generated on your PC with the application on your mobile phone. Unfortunately, unless the history is cleared, access to chats remains available to those who use the computer – especially since the system allows access to the application from multiple devices simultaneously. This would allow malicious people who use the PC after us to “spy” on our messages and conversations. How do you find out if someone has accessed WhatsApp conversations from your computer without your knowledge?
The application allows the user to check the last access made from the PC, which remains tracked even if we do not receive any notification. Just go, through the settings menu, to Connected Devices (for Android) or WhatsApp Web (for IOS). Also, you can adopt some good habits to avoid the risk of someone sticking their nose into our chats. For example, we can often delete (let’s say even after each use) the history of our PC and not save the access made to WhatsApp Web. We can then avoid leaving our smartphone unattended and adopt a password protecting our data from meddling glances.
Check WhatsApp Web/Desktop Logins
The WhatsApp Web online service and the official WhatsApp client for Windows and macOS allow you to use WhatsApp on your computer by creating a new session and “repeating” what is present on your smartphone. This means that you can only access your chats if the phone is connected to the Internet and if the official WhatsApp or WhatsApp Web client has been associated with the smartphone by scanning a specific QR code. This is an extremely convenient solution, it works well, but it can present privacy risks: it works even if the smartphone and computer are not connected to the same Wi-Fi network.
This means that, potentially, an attacker could gain access to your communications simply by convincing you to lend him your smartphone for a few seconds by logging into WhatsApp Web or the official WhatsApp client using his computer (or tablet). And keeping the check on the option Stay connected. By checking this option, the smartphone remembers the association made with the computer and allows subsequent access to WhatsApp Web and the WhatsApp client for PC without requiring a new scan of the QR code.
This system, however, only works if no biometric data protection system is set up on your device: if, on the other hand, an unlocking system using the face or fingerprint is active on the device, this method authentication will be requested, for confirmation, also for access to WhatsApp Web / Desktop. You can well understand that such a thing compromises your privacy on WhatsApp, allowing the attacker to read all the messages you receive and send. The WhatsApp application on the smartphone indeed sends notifications when new connections to WhatsApp on the PC are established. Still, these could escape the user, giving any “spy” the green light.
That said, it should be stressed that, fortunately, there is a very simple way to check for unauthorized access to WhatsApp Web or the official WhatsApp PC client and possibly stop them. By accessing the WhatsApp settings on your smartphone, you can view the complete list of active accesses and decide to stop them instantly. In this way, all the computers connected to the smartphone will lose the authorization to access your WhatsApp.
They will be asked to re-scan the QR code (an operation that the attacker on duty will not perform because they no longer have your smartphone). Going into more detail, to check the list of accesses to WhatsApp Web and WhatsApp for PC on your smartphone, you need to start the WhatsApp app on Android, press the ⋮ icon located at the top right, and choose WhatsApp Web item in the box you see. However, you have to press the Settings tab at the bottom and tap on the WhatsApp Web / Desktop item on the iPhone.
At this point, take a look at all active WhatsApp Web and WhatsApp Desktop sessions and, if you find any suspicious ones, stop them. You can perform this operation on Android by pressing on the active session or the iPhone swiping from right to left on the one to be interrupted and pressing the Disconnect button that appears sideways. Do you want to stop all WhatsApp Web and WhatsApp Desktop sessions simultaneously? No problem. Press on the item Disconnect from all computers, confirm (by answering Disconnect to the warning you see on the screen), and you’re done.