Research by cryptographers from Ruhr University Bochum shows that anyone who controls WhatsApp’s servers can secretly add people to group chats.
This means users who have covertly been added to group chats can snoop on group conversations without the group’s members knowing.
“Our systematic analysis reveals that the groups’ closeness – represented by the members’ ability of managing the group – are not end-to-end protected,” said the researchers.
“We additionally show that strong security properties, such as Future Secrecy which is a core part of the one-to-one communication in the Signal protocol, do not hold for its group communication.”
Wired explained that the “confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them”.
Wired said the adding of new members should be protected against. “If not, the value of encryption is very little.”