New Delhi, (Samajweekly) As WhatsApp faces intense scrutiny over its upcoming data and privacy policy in India and elsewhere, another user data violation has been reported, this time on the WhatsApp on Desktop (Web) application, allegedly exposing personal mobile numbers via indexing on Google Search.
Although WhatsApp is primarily a mobile app, currently being used by over 400 million users in India, some working professionals also use the instant chat app on their desktops and PCs via the Web version.
Independent cybersecurity researcher Rajshekhar Rajaharia on Friday shared some screenshots with IANS showing indexing of personal mobile numbers of WhatsApp users via Web version on Google Search.
“The leak is happening via WhatsApp on Web. If someone is using WhatsApp on laptop or on an office PC, the mobile numbers are being indexed on Google Search. These are mobile numbers of individual users not business numbers,” Rajaharia told IANS.
Earlier this week, concerned at private group chat links being available on Google Search, WhatsApp said that it had asked Google not to index such chats and advised users not to share group chat links on publicly accessible websites.
Google had indexed invite links to private WhatsApp group chats, meaning anyone can join various private chat groups with a simple search. The indexed WhatsApp group chat links have now been removed from Google.
“Despite WhatsApp advising users and telling Google to remove the earlier exposed group chat links, the mobile numbers via WhatsApp Web application are now being indexed on Google Search,” Rajaharia noted.
A WhatsApp spokesperson said in an earlier statement that since March 2020, WhatsApp has included the “noindex” tag on all deep link pages which, according to Google, will exclude them from indexing.
“We have given our feedback to Google to not index these chats. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website,” the company spokesperson said.
The issue was first cropped up in February last year when app reverse-engineer Jane Wong found that Google has around 470,000 results for a simple search of “chat.whatsapp.com”, part of the URL that makes up invites to WhatsApp groups.
According to Rajaharia, the latest leak of personal mobile numbers via WhatsApp on Web has not been addressed so far by the either Facebook-owned platform or Google.
The revelation comes at a time when WhatsApp is changing its privacy policy and users will have to “agree and accept” if they plan to keep using the app post-February 8.
On Friday, a single judge bench of the Delhi High Court recused from hearing a petition against the WhatsApp’s upcoming data and privacy policy, on the grounds that it violates the right to privacy of citizens of India.
The plea will now be listed before another bench and would come up for hearing on January 18.