However, WhatsApp stressed that neither WhatsApp – nor Facebook – can see users’ private messages or hear their calls. Similarly, WhatsApp (and Facebook) doesn’t keep logs of who everyone is messaging or calling.
“Whether you communicate with a business by phone, email or WhatsApp, it can see what you’re saying and may use that information for its own marketing purposes, which may include advertising on Facebook,” said WhatsApp.
Another new data-sharing policy makes use of Facebook’s commerce feature, Shops, which lets users buy or sell goods. Businesses can display their goods on WhatsApp utilizing Shops – and if they do so, in WhatsApp, WhatsApp users’ shopping activity can be used to personalize ads on Facebook and Instagram.
“Features like this are optional and when you use them we will tell you in the app how your data is being shared with Facebook,” said WhatsApp.
Finally, WhatsApp said that “message” buttons for messaging a business using WhatsApp are shared with Facebook – “Facebook may use the way you interact with these ads to personalize the ads you see on Facebook,” said WhatsApp.
Regardless of WhatsApp’s clarifications, the public reaction to WhatsApp’s change in data-privacy policies is likely due to the mistrust people have of Facebook and its rocky track record when it comes to privacy, Hank Schless, senior manager of Security Solutions at Lookout, told Threatpost.
“WhatsApp is doing the right thing by explaining the policy changes in plain language and acknowledging the importance of transparent data sharing and app permission policy,” Schless told Threatpost. “It’s going to be a challenge for WhatsApp to win users back who have already made the decision to move to other messaging apps, but their transparency is the right first step.”
These include the shared location information mentioned above. “Even if you do not use our location-related features, we use IP addresses and other information like phone number area codes to estimate your general location (e.g., city and country),” according to WhatsApp. “We also use your location information for diagnostics and troubleshooting purposes.”
WhatsApp also collects data about user activity on its services – including diagnostic and performance information. This includes the features that users utilize, including messaging, calling, status, groups (including group name, group picture and group description), payments or business features.
“This includes information about your activity (including how you use our services, your services settings, how you interact with others using our services (including when you interact with a business), and the time, frequency and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports,” according to WhatsApp.
Above all, “this incident shows that data privacy is now top-of-mind for the general public,” said Schless. “It also illustrates the importance of understanding how mobile apps collect and use your data. Looking forward in 2021, increased awareness around data privacy will drive changes in how consumers and organizations alike think about data sharing within mobile apps.”
Supply-Chain Security: A 10-Point Audit Webinar: Is your company’s software supply-chain prepared for an attack? On Wed., Jan. 20 at 2p.m. ET, start identifying weaknesses in your supply-chain with actionable advice from experts – part of a limited-engagement and LIVE Threatpost webinar. CISOs, AppDev and SysAdmin are invited to ask a panel of A-list cybersecurity experts how they can avoid being caught exposed in a post-SolarWinds-hack world. Attendance is limited: Register Now and reserve a spot for this exclusive Threatpost Supply-Chain Security webinar – Jan. 20, 2 p.m. ET.