Is WhatsApp Safe to Use in 2024? Is It Secure Against Hackers?
WhatsApp comes with robust security measures, including end-to-end encryption and 2FA (Two-Factor Authentication). But is WhatsApp safe to use? Is the app safe from hackers? Its affiliation with Meta has certainly raised concerns over potential data collection and sharing.
The platform is used by over 2 billion users, who send approximately 100 billion messages each day. So, a high level of security and privacy is crucial. However, increasing scam messages, security threats, and other concerns have started to tarnish WhatsApp's reputation as a safe form of messaging.
This guide covers all the potential dangers and the security features WhatsApp offers to help you decide if you want to use it. I’ve also created an in-depth guide with tips for using the Meta-owned messaging app safely, including how to make the most of the app’s security settings.
Is WhatsApp Safe?
WhatsApp provides plenty of decent security measures, including end-to-end encryption (E2EE). This encryption method ensures that only the message sender and receiver can view the contents of a communication. It means that WhatsApp can’t actually decrypt or access your messages itself. Other secure messaging apps, like Telegram, use similar methods.
However, the app does have some privacy concerns and can be vulnerable to cyber threats. WhatsApp’s parent company Meta doesn’t have the best reputation when it comes to handling user data. The app has also seen plenty of instances of scams, malware distribution, and phishing. Let’s take a look at both WhatsApp’s features and its vulnerabilities to see how they balance out.
Key WhatsApp Security Features
Features | Benefits |
E2E encryption | End-to-end encryption automatically covers all forms of communication within the app, including text messages, voice calls, photos, and videos. This safeguards your correspondence by default. WhatsApp uses Open Whisper Systems’ Signal protocol (the same protocol used by the Signal messaging app) to ward off eavesdropping or data mining. |
Two-step verification (2FA) | Logging in to WhatsApp requires a 6-digit registration code that the app sends to your number by SMS or phone call. 2FA adds a 6-digit security PIN to this process, giving you an extra layer of protection against hackers. You can also use biometric passkeys to unlock the app with your fingerprint or face. |
Password protection | WhatsApp regularly backs up your messages and encrypts these backups. However, for additional security, you can add password protection as well. The app also gives you the option to set a password-protected screen lock that kicks in after your chosen length of inactivity. |
Chat lock | This feature enables you to lock specific chats with a PIN or password, providing privacy for individual conversations. It's especially useful for keeping sensitive discussions confidential, allowing you to share your device without worrying about someone reading your private chats. |
Archive | Archiving chats allows you to hide conversations from your main chat list without deleting them. This feature is great for keeping sensitive conversations out of immediate view, while still retaining the ability to access them whenever needed. |
Disappearing messages | This feature allows you to customize the lifespan of your messages, making them vanish after a set amount of time (24 hours, 7 days, or 90 days). Messages will also disappear if not viewed within the designated period. |
View once media | Like disappearing messages, this feature lets you send photos and videos that disappear after the recipient has viewed them once. This is ideal for sharing sensitive or private media that you don't want to be retained on someone else's device. |
Security notifications | Each WhatsApp chat has its own security code that can be verified between users. The app provides security notifications to inform you if this code changes (which can happen if a contact reinstalls WhatsApp or changes devices). The notifications serve as a reminder to verify the contact's new security code. |
Automatic spam detection | While the app can’t access message contents to analyze them, it uses metadata (like IP addresses) and message-sending rates to identify possible scam communications. If WhatsApp identifies a message as spam, it can block the user number or add a ‘suspicious link’ warning to prevent you from clicking on malicious URLs. |
Group privacy settings | These settings allow you to control who can add you to WhatsApp groups. You can choose to allow anyone, only your contacts, or select contacts to add you to groups. It helps prevent spam and unwanted group additions, giving you more control over your messaging experience. |
Block contacts | WhatsApp allows you to block specific contacts, preventing them from sending you messages, seeing when you’re online (“last seen”), viewing your status updates, or calling you on WhatsApp. This is essential for managing your privacy and avoiding harassment or unwanted communication. |
Account Protect | This feature protects you when you start using WhatsApp on a new device. It asks you to verify your identity on your old device first, to stop hackers getting access to your account. |
WhatsApp Security Threats and Risks
Despite the above features, WhatsApp still faces several privacy issues and risks that you should be aware of:
1. Data Collection by Meta
Meta collects data on how you interact with WhatsApp, your contacts, transaction data (Facebook Pay), and your location. The platform insists that this doesn’t affect the privacy of your chats. However, the information collected is still sensitive data that can be used to identify you or impersonate you in the case of a security breach.
The extent of WhatsApp’s data collection has raised privacy concerns, especially in the context of how this data might be used or shared within the broader Meta ecosystem. Meta has faced scrutiny for its data safety practices in the past. For example, in January 2021, Meta (then Facebook) was fined €210 million by the Irish Data Protection Commission for failing to comply with GDPR requirements concerning data privacy practices.
In 2023, WhatsApp was also subject to a massive data leak. A database including the phone numbers of nearly 500 million global active users was offered for sale on a hacking forum. It’s thought that many of these numbers may then have been used to launch phishing attacks on the app.
2. WhatsApp Scams
The variety of scams on WhatsApp is significant, with the Federal Trade Commission (FTC) reporting a noticeable increase in social engineering or social hacking on the app. According to a report by Kaspersky, WhatsApp messages make up around 82.71% of its total blocked phishing attacks.
Other common scams include:
- Loved ones in need. Scammers pretend to be a family member or friend in crisis — using generic greetings like “Hey mom/dad” — to solicit money from unsuspecting users.
- Fake gifts. In this phishing trick, hackers send messages claiming to offer free gift cards. However, the links they send take you to malicious sites designed to steal your personal information. Another scam claimed it was WhatsApp’s 10th birthday, with a link offering ‘free data’ to celebrate.
- Malicious QR codes. Linking devices under one WhatsApp account requires you to scan a QR code from the WhatsApp website. Some scammers set up fake versions of this landing page, with false QR codes that give them access to your account. Another scam asks the victim to scan fraudulent QR codes to “receive” UPI payments — stealing the money instead.
- Fake tech support. Fraudsters can pose as WhatsApp customer service to phish for sensitive data by asking you to “verify” your identity. They can then use the information you give them to access your account and/or commit identity or financial theft.
- Fake apps. Fake apps or fake WhatsApp sites allow cybercriminals to launch man-in-the-middle attacks, in which they intercept or alter your communications. One example is the WhatsApp Gold scam, which invited users to a fake special edition of the app. WhatsApp Web and Desktop are particularly vulnerable to being faked, as mobile stores like the Google Play Store or Apple’s App Store are more tightly regulated.
- Verification code hack. This is when an attacker attempts to trick you into sharing the verification code WhatsApp sends you when you log in to your account. Most often, the scammer will send you a message claiming they accidentally logged in to WhatsApp with your number instead of theirs. They then request the code you’ve been sent. Giving them this code allows them to access and control your account.
- Bogus job opportunities. Scammers promise lucrative opportunities to unsuspecting users as a pretext to extract personal or financial information as part of the “onboarding process”. These kinds of recruiter scams have grown alongside remote working — cybersecurity firm Sophos identified a 300% increase in fake job offers spread via WhatsApp during the pandemic.
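As an added illustration (not part of the original article and not WhatsApp's own detection logic), the Python example below triages incoming message text for three of the patterns listed above: requests for a code or PIN, links whose host imitates WhatsApp, and links that hide the real host behind a userinfo prefix. The allow-list of official domains, the flag names, and the sample messages are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Assumption: allow-list of official hosts; adjust it to your own policy.
OFFICIAL_DOMAINS = ("whatsapp.com", "wa.me")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
CODE_RE = re.compile(r"\b(?:code|pin)\b", re.IGNORECASE)
ASK_RE = re.compile(r"\b(?:send|share|forward|give|tell|text)\b", re.IGNORECASE)
BRAND_RE = re.compile(r"wh?ats?-?app", re.IGNORECASE)  # brand and near-misspellings


def parse_host(url):
    """Return (host, has_userinfo); host is '' if the URL cannot be parsed."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
        return host, parts.username is not None
    except ValueError:
        return "", False


def is_official(host):
    """True only for an allow-listed domain or a real subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def triage(message):
    """Return a sorted list of warning flags for one message."""
    flags = set()
    # Verification-code scam: the text mentions a code/PIN and asks you to pass it on.
    if CODE_RE.search(message) and ASK_RE.search(message):
        flags.add("asks-for-code")
    for url in URL_RE.findall(message):
        host, has_userinfo = parse_host(url)
        if has_userinfo:  # e.g. https://whatsapp.com@other.example/
            flags.add("userinfo-in-url")
        if not host:
            flags.add("unparseable-url")
        elif not is_official(host):
            if "xn--" in host or not host.isascii():
                flags.add("idn-host")  # punycode or non-ASCII host
            if BRAND_RE.search(host):
                flags.add("lookalike-host")  # brand name on an unofficial host
    return sorted(flags)


# Constructed sample messages (not real traffic).
SAMPLES = [
    "Hey, I accidentally used your number and the 6-digit code went to you. "
    "Can you forward it to me?",
    "Link your device here: https://web.whatsapp.com.link-device.example/qr",
    "Free data! https://whatsapp.com@gift.example/claim",
    "Chat with us at https://wa.me/15551234567 or open https://web.whatsapp.com/",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage(msg), "<-", msg)
```

A link to an unrelated host with no brand name in it raises no flag here, so an empty result means "no known pattern matched", not "safe".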
3. Backup Vulnerabilities
A study by the Darmstadt Technical University in Germany highlighted the risk posed by unencrypted WhatsApp backups on Google Drive and iCloud. The study revealed that unencrypted backups are vulnerable to access by third parties, including cloud service providers and law enforcement agencies.
E2EE automatically protects WhatsApp chats, but you have to enable end-to-end encryption for backups manually.
4. Malware and Hackers
WhatsApp is often used to spread malicious links or malware. The app itself can also be vulnerable to attack by cybercriminals. For example, the "Skygofree" spyware discovered by Kaspersky Lab in 2018 was able to access WhatsApp messages on Android phones via Google’s Accessibility Services.
In 2019, an attack using Pegasus spyware — software developed by the Israeli company NSO Group — exploited a WhatsApp vulnerability that allowed it to snoop on approximately 1,400 devices. Versions of the app for a range of operating systems were affected, including iOS, Android, Windows Phone, and Tizen.
5. Fake News and Misinformation
The encryption that protects WhatsApp messages also limits the app's ability to police fake news and misinformation. Measures like message forwarding limits have been introduced, restricting forwarding to 5 groups at a time (instead of the previous 250). However, the spread of hoaxes and false information remains a challenge.
WhatsApp has been cited in numerous cases of widespread misinformation. These include the 2020 US presidential campaign, the 2018 Brazil elections, and the 2017 outbreak of violence in India.
6. Revenge Porn and Non-Consensual Image Sharing
WhatsApp’s encryption and ‘view once’ mode can lull users into a false sense of security when it comes to sharing sensitive media in chats — like private photos. The platform has implemented software to prevent screenshots from being taken of ‘view once’ photos. However, there’s nothing to stop someone from using another device to take a picture of sensitive media instead. These images can then be used for blackmailing or revenge porn.
How to Use WhatsApp’s Security Features
To boost your safety and privacy on the app, follow the steps below:
1. Turn on End-to-End Encryption for Backups
This ensures that cloud-based backups aren’t vulnerable to hackers or snoops.
Step 1. Open WhatsApp, navigate to Settings and select Chats.
Step 2. Click on Chat Backup and select the End-to-End Encrypted Backup option. Now, click on the Turn On button and follow the on-screen instructions to create a password or a 64-digit encryption key.
2. Adjust Privacy Settings
You can choose who sees your ‘last online’ activity and decide if others can know when you've read their messages by toggling read receipts. Just bear in mind that disabling read receipts means you won't see when others have read your messages either, except for group chats.
Step 1. Go to Settings in WhatsApp and click on the Privacy option.
Step 2. Adjust who sees your Last Seen, profile photo, About information, and status updates. You can customize each setting according to your privacy preferences. I recommend choosing Nobody as it's the safest option.
3. Enable Fingerprint Lock, Touch ID, or Face ID
For an extra level of security, WhatsApp allows you to lock the app with your fingerprint, Touch ID, or FaceID, depending on your device. This feature ensures that only you can open WhatsApp, preventing others from accessing your messages even if they have physical access to your phone.
Step 1. Open WhatsApp and access the Settings panel. Then click on Privacy and select Fingerprint Lock.
Step 2. Turn on the Unlock with fingerprint toggle. For Apple devices, go to Screen Lock and turn on the Require Touch ID or Require Face ID options to set up the lock.
4. Enable Two-Step Verification
This requires a 6-digit PIN when registering your phone number with WhatsApp, helping you protect your account from unauthorized access.
Step 1. Open WhatsApp, go to Settings and choose the Account option.
Step 2. Select Two-step verification and tap on Enable. Just follow the on-screen prompts and set up a PIN.
5. Keep WhatsApp Updated
Enable automatic updates in your device's app store to ensure you're always using the latest version of WhatsApp. This offers you the most up-to-date security features and the latest security patches to avoid vulnerabilities.
Step 1. Go to the Google Play Store and search for WhatsApp. Apple devices already update WhatsApp automatically.
Step 2. Now, click on the 3-dot icon on the top right and enable the auto updates toggle.
Additional Tips for Using WhatsApp Safely
To ensure a secure and privacy-centric experience while using WhatsApp, follow these essential tips:
- Be cautious of suspicious messages. Stay alert to messages that seem unusual or ask for personal information. Telltale signals often include grammar or spelling errors. Verify the identity of the sender through other means if necessary.
- Regularly review linked devices. Check which devices are linked to your WhatsApp account and log out from any that you don't recognize or no longer use. This can be found under WhatsApp Web in the app settings.
- Recognize and avoid common scams. Educate yourself on the various scams that target WhatsApp users, such as phishing attempts, fake job offers, and lottery scams. If something sounds too good to be true, it likely is (you can always verify messages by contacting companies directly). Look out for fake apps and only download WhatsApp from official sources.
- Limit who sees your WhatsApp Status. Like Instagram Stories, your WhatsApp status allows you to add videos or images that can be viewed for 24 hours. These updates are vulnerable to screenshotting or screen recording. To limit who sees your status, go to Updates, tap the 3 dots next to My status, then Status Privacy, and choose from the options. You can select from My contacts, My contacts except, or Only share with.
- Turn off location settings. You can turn off location permission for WhatsApp in your device settings. This prevents the app (and Meta) from getting access to your location, though it means some features — like sending your live location to contacts — will no longer work.
- Don’t give out your phone number. Only share your phone number with people you trust. Your phone number is key to your WhatsApp account, and sharing it widely can increase your risk of being targeted by scammers.
- Use antivirus software or a VPN. Security software that comes with malware detection and malicious link warnings can help you avoid clicking on any dangerous links.
- Never share your registration code or 2FA PIN with others. These are critical to keeping your account secure. Genuine WhatsApp customer support reps won’t ask for this information. If you choose to use the app’s password protection features, also make sure to choose strong passwords.
- Update your device and app regularly. Ensure your device's operating system is up-to-date to benefit from the latest security improvements. It’s a good idea to keep the WhatsApp app updated for the same reason.
Editor's Note: Transparency is one of our core values at vpnMentor, so you should know we are in the same ownership group as ExpressVPN. However, this does not affect our review process.
FAQs on Using WhatsApp
Is WhatsApp safe for sending private photos?
Not necessarily. The app offers end-to-end encryption for all its messages, including photos. It also has a ‘view once’ feature to send self-destructing media that can’t be screenshotted. However, nothing is stopping the recipient of such photos from using another device to capture them instead — which can be a key part of online dating scams. Always exercise caution when sending private photos to anyone.
Can I safely use WhatsApp for business?
WhatsApp is fairly safe for business use. The end-to-end chat encryption and 2FA ensure that messages, documents, and calls are secure. That said, you can make it even safer by enabling end-to-end encryption for backups and fingerprint locks too.
There’s also a tailored WhatsApp Business service that lets you create a business profile, automate messages, and organize your customer chats with labels.
Why would someone use WhatsApp instead of texting?
WhatsApp is encrypted and free to use, whereas traditional texting can incur charges. The platform also has additional safety features not offered by SMS. Last but not least, WhatsApp supports free international messaging and provides a platform for voice and video calls, as well as media sharing (which can cost a lot or exceed file size limits for texts).
Is WhatsApp safe for kids?
WhatsApp can be safe for kids with proper guidance and monitoring from parents. The app offers end-to-end encryption, which helps in keeping conversations private. However, issues such as exposure to inappropriate content, talking to strangers, and cyberbullying exist. There’s also a lot of scamming, fake news, and misinformation on the platform, so it’s important to educate your children about these risks.
That said, WhatsApp doesn’t have any specific parental controls and the app itself recommends that it shouldn’t be used by anyone under 13.
Can WhatsApp protect against government surveillance?
WhatsApp's end-to-end encryption is designed to secure messages against snooping. The app also comes with multiple security features that keep your messages protected. Enabling 2FA and fingerprint protection can help to protect your WhatsApp account from unauthorized access.
That said, WhatsApp itself still collects a lot of your metadata (such as the time of communication and contact details). The platform could potentially share your information with authorities under specific legal circumstances — for example under warrants or subpoenas.
Wrapping Up
WhatsApp offers a high level of security for its users, primarily through its end-to-end encryption feature, which ensures your messages stay unreadable. Its additional security features make the platform safe to use in most everyday situations.
That said, it’s still important to be aware of Meta’s data-logging policies, as well as scams on the platform. Always be cautious about sharing personal information and ensure you’re making the most of the app’s security settings.
Leave a comment
How useful is the 2FA? I have it on (without email) and have been getting so many notifications lately that someone is trying to log into my account. I tried to contact WhatsApp support but they just give a generic reply that there has been suspicious activity regarding registration and registration can’t be done now.
If the hacker successfully got the SMS verification code by SMS swap or other means, can they reset the 2FA and thereby negate its usefulness?
I’m assuming since I’m still logged into WhatsApp, it means they have not been successful yet. Is that true?
Thanks!