On Wednesday, we passed along a story about a security flaw on the Android version of WhatsApp
, that could allow a hacker to read previous conversations stored on a microSD card. A spokesman for the messaging app, which is awaiting regulatory approval of its $19 billion purchase by Facebook
, said that the stories "have not painted an accurate picture and are overstated
." He added that contrary to earlier reports, the update to the app available in the Google Play Store did contain some enhanced security measures (although it did not beef up the security for stored conversations). The security expert who originally revealed the flaw, Bas Bosschert, says that the security hole still exists even after the update.
In a statement, WhatsApp's spokesman stated that anytime malware or a virus is installed on a phone unknowingly, all data stored on a microSD card is at risk, not just conversations stored there by WhatsApp. And while that might be true, unfortunately for WhatsApp, its pending acquisition by Facebook has thrust it into the spotlight where every thing about the app is magnified.
"We are aware of the reports regarding a “security flaw”. Unfortunately, these reports have not painted an accurate picture and are overstated. Under normal circumstances the data on a microSD card is not exposed. However, if a device owner downloads malware or a virus, their phone will be at risk. As always, we recommend WhatsApp users apply all software updates to ensure they have the latest security fixes and we strongly encourage users to only download trusted software from reputable companies. The current version of WhatsApp in Google Play was updated to further protect our users against malicious apps."-Statement from WhatsApp