WhatsApp private group links visible in Google search results
Journalist Jordan Wildon stated on Twitter that WhatsApp groups may not be as secure as people thought they were and shared a screenshot, showing some links to groups appearing in Google search results. Apparently, when users create a link to send to someone to join their group, it gets indexed by Google and is accessible.
Your WhatsApp groups may not be as secure as you think they are.The "Invite to Group via Link" feature allows groups to be indexed by Google and they are generally available across the internet. With some wildcard search terms you can easily find some… interesting… groups. pic.twitter.com/hbDlyN6g3q— Jordan Wildon (@JordanWildon) February 21, 2020
A WhatsApp’s spokesperson reminded people that links that should be private shouldn’t be disclosed on publicly accessible websites, apparently explaining that the issue was due to unreasonable public posting of some links. When a link for a private group is posted on publicly available websites, it can be used by anyone to join the group and in consequence, see all the messages in it.
However, reverse engineer Jane Manchun Wong’s post on Twitter regarding the situation brings another perspective on it - she is stating this situation was a result of a misconfiguration which allowed around 470,000 Group Invite links to be indexed, and not because someone has not been careful enough when sharing private links. According to her, WhatsApp could change certain configurations in order to exclude the invite pages from appearing in search engines.
A misconfiguration by WhatsApp enabled ~470k Group Invite links to be indexed by search engines— Jane Manchun Wong (@wongmjane) February 21, 2020
It should’ve been `Disallow`ed with robots.txt or with the `noindex` meta tag
thanks @JordanWildon for the tip https://t.co/CJxjJ5qyfhpic.twitter.com/FrW1I9Y8vs
Nevertheless, for the time being WhatsApp maintains the position that this is intended behaviour, not a bug.