iOS sandbox can allow Facebook to spy on WhatsApp chats

Mark Zuckerberg repeatedly claims Facebook can’t read WhatsApp messages, but this couldn’t be further from the truth. Here’s how iOS sandboxing leaves WhatsApp open to snooping.

Facebook can interact with WhatsApp on iOS

Gregorio Zanon, the lead developer of iMazing, claims Facebook can still theoretically read your WhatsApp data. The flaw lies in the way iOS deals with sandboxing.

Mark Zuckerberg proudly claims that WhatsApp has full end-to-end encryption. Surprisingly, this encryption only protects the messages you send to a contact while they are in transit, not the messages stored locally on your device.

Standard iOS protection applies to messages that are stored on-device.

Here’s a sample WhatsApp database dump with all user data intact. You can read more about Gregorio’s findings here.

WhatsApp SQL dump

During Steve Jobs’ tenure as Apple’s CEO, the iOS operating system had strict sandboxing. However, things changed with modern versions that sacrificed security for productivity.

With the advent of iOS 8, Apple introduced ‘App Groups’. These groups allow a developer to place multiple apps in the same group and then use it to share media and files between them.

Since Facebook now owns WhatsApp, the messaging app is a part of Facebook’s ‘App Group’.
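To check which apps can reach a common shared container, compare the `com.apple.security.application-groups` entitlement that each app declares. The script below is an added example, not code from the original article or from iMazing; it assumes you already have each app's entitlements as a plist, and the bundle and group identifiers in it are constructed.

```python
from __future__ import annotations

import plistlib
from collections import defaultdict

# Real entitlement key that lists the App Groups an app belongs to.
APP_GROUPS_KEY = "com.apple.security.application-groups"


def app_groups(entitlements: bytes) -> set[str]:
    """Return the App Group identifiers declared in one entitlements plist."""
    try:
        ent = plistlib.loads(entitlements)
    except Exception:
        return set()  # unreadable entitlements: report no groups, do not crash
    groups = ent.get(APP_GROUPS_KEY, []) if isinstance(ent, dict) else []
    if isinstance(groups, str):  # tolerate a single string instead of an array
        groups = [groups]
    return {g for g in groups if isinstance(g, str)}


def shared_groups(apps: dict[str, bytes]) -> dict[str, list[str]]:
    """Map each App Group to the apps declaring it, keeping groups with 2+ apps."""
    members: dict[str, set[str]] = defaultdict(set)
    for bundle_id, entitlements in apps.items():
        for group in app_groups(entitlements):
            members[group].add(bundle_id)
    return {g: sorted(m) for g, m in members.items() if len(m) > 1}


# Constructed sample input: three hypothetical apps and their entitlements.
SAMPLE = {
    "com.example.social": plistlib.dumps(
        {APP_GROUPS_KEY: ["group.example.shared", "group.example.social-only"]}
    ),
    "com.example.chat": plistlib.dumps({APP_GROUPS_KEY: ["group.example.shared"]}),
    "com.example.notes": plistlib.dumps(
        {"application-identifier": "TEAMID0000.com.example.notes"}
    ),
}

if __name__ == "__main__":
    for group, bundles in shared_groups(SAMPLE).items():
        print(f"{group}: shared by {', '.join(bundles)}")
```

Any group reported here is a container that every listed app can read and write, so data an app stores there is not isolated from the other apps in the group.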

How can you stay safe?

It is not yet known if Facebook really uses this flaw in iOS sandboxing to snoop around on your chats. Nevertheless, it is prudent to beware of how apps deal with your private data.

The only way to truly stay safe is to remove both Facebook and WhatsApp from your iPhone.

However, you can try other alternatives if you feel like you are too deep in Facebook’s ecosystem to leave it at this point.


If you are worried about your WhatsApp messages, simply remove Facebook from your Apple device.

You can still use the social network on your PC or other smartphones.
