Reminder to @WhatsApp users that downloading a fake or modified version of WhatsApp is never a good idea. These apps sound harmless but they may work around WhatsApp privacy and security guarantees. A thread:
Recently our security team discovered hidden malware within apps – offered outside of Google Play - from a developer called “HeyMods” that included "Hey WhatsApp" and others.
These apps promised new features but were just a scam to steal personal information stored on people’s phones. We’ve shared what we found with Google and worked with them to combat the malicious apps.
Google Play Protect on Android can now detect and disable previously downloaded malicious fake versions of WhatsApp. We appreciate the help of Google for their continued work to prevent malicious apps from proliferating on Android devices.
We’ll of course continue our efforts to detect and block these kinds of apps going forward. We're also taking enforcement action against HeyMods to stop future harm, and will further explore legal options to hold HeyMods and others like them accountable.
Mobile phone malware is a pernicious threat that must be countered and the security community continues to develop new ways to prevent it from spreading.
If you see friends or family using a different form of WhatsApp please encourage them to only use WhatsApp from a trusted app store or our official website directly at WhatsApp.com/dl.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Today we’re very excited to share our vision for a feature we’re calling WhatsApp Communities. This is new functionality we’re building to support the many organizations that use WhatsApp to communicate in a private and secure way.
We’ve heard from many workplaces, non-profits, and local organizations that have been using WhatsApp for their private communication, and there’s a lot we can improve to make WhatsApp work better for groups like these.
Communities will make it possible for admins to organize groups under one umbrella, send announcements, and decide which groups can be part of their community to help make group conversations work for their organization.
This paper is definitely worth reading. It's from some of the leading minds on computer security and it goes into great detail on why client side scanning (CSS) -- which @WhatsApp opposes -- would be very dangerous for us all.
They explain in clear terms the many problems with client side scanning proposals, concluding the security risks they would create for everyone would make "us all less safe and less secure."
"CSS has been promoted as a magical technological fix for the conflict between the privacy of people’s data and communications and the desire by intelligence and law enforcement agencies for more comprehensive investigative tools...
I read the information Apple put out yesterday and I'm concerned. I think this is the wrong approach and a setback for people's privacy all over the world.
People have asked if we'll adopt this system for WhatsApp. The answer is no.
Child sexual abuse material and the abusers who traffic in it are repugnant, and everyone wants to see those abusers caught.
We've worked hard to ban and report people who traffic in it based on appropriate measures, like making it easy for people to report when it's shared. We reported more than 400,000 cases to NCMEC last year from @WhatsApp, all without breaking encryption. faq.whatsapp.com/general/how-wh…
This groundbreaking reporting from @Guardian, @WashingtonPost, and many others demonstrates what we and others have been saying for years: NSO’s dangerous spyware is used to commit horrible human rights abuses all around the world and it must be stopped. theguardian.com/world/2021/jul…
Human rights defenders, tech companies and governments must work together to increase security and hold the abusers of spyware accountable. Microsoft was bold in their actions last week blogs.microsoft.com/on-the-issues/…
In 2019, @WhatsApp discovered and defeated an attack from NSO. They rely on unknown vulnerabilities in mobile OSes, which is one of the reasons why we felt it was so important to raise awareness of what we'd found. washingtonpost.com/opinions/2019/…
I've been watching a bunch of discussion this week about the privacy policy update we’re in the process of making @WhatsApp and wanted to share some thoughts.
Thread 👇
I want to share how committed everyone @WhatsApp is to providing private communication for two billion people around the world. At our core, that’s the ability to message or call loved ones freely protected by end-to-end encryption and that’s not changing.
With end-to-end encryption, we cannot see your private chats or calls and neither can Facebook. We’re committed to this technology and committed to defending it globally. You can read more here: whatsapp.com/security/
This morning the U.S. Senate Judiciary Committee held a hearing on the "EARN IT" Act. While not directly mandating a backdoor, as written, this act would form a commission that could have the power to require services like @WhatsApp to stop offering end-to-end encryption. 1/
Absent clear protections for encryption, EARN IT has the potential to make people less safe, not more, by reducing the security of the over 2 billion people who use WhatsApp to communicate, not to mention all the other encrypted services as well. 2/
It was great to see several Senators stand up for end-to-end encryption - this sends a powerful message to the world that end-to-end encryption helps protect people and we hope to see that affirmed in the text of the bill itself 3/