Popular messaging service WhatsApp, which recently made headlines for its testing of a voice calling feature, reportedly has a minor security issue in its browser-based interface which exposes profile details of any user and does not properly sync conversations with its mobile counterpart.
According to a report by Softpedia, India-based security researcher Indrajeet Bhuyan has revealed that WhatsApp Web has a photo privacy bug that lets users view the profile image of other users, even when they are not on the contact list of that person. Moreover, the profile image can be viewed even if the user has set the privacy option to "contacts only".
This means, any person can view anyone's profile image, automatically bypassing the default privacy settings offered by WhatsApp.
Bhuyan detected the above issues on the web services of WhatsApp, which reportedly does not correctly sync with the phone application.
Additionally, Bhuyan encountered another problem related to web photo syncing. When an image is sent to a user via the mobile WhatsApp version and the user deletes the image, it appears blurred and cannot be viewed. However, it is still accessible via the web client. This suggests the two services are yet to be synced properly.
The security researcher has released a video, detailing the latest vulnerability within WhatsApp. Check the video below:
Meanwhile, digital security expert Graham Cluley in his blog post has said: "Sure, it's not the most serious privacy breach that has ever occurred, but that's missing the point. The fact of the matter is that WhatsApp users chose to keep their profile photos private, and their expectation is that WhatsApp will honour their choices and only allow their photos to be viewable by those who the user has approved."