New Vulnerability discovered in the android version of whatsapp by a CTO and consultant, Bas Bosschert indicates that the flaw can allow another app to access and read all of a user’s whatsapp messages and chats within it.
Bosschert outlined the chat-stealing process on his blog – HERE
Due to the fact that Android stores WhatsApp conversations on External memory, hackers need to remotely access the External memory through another app and Then they need a place to store the WhatsApp database, preferably a webserver. Then they need to put a malicious Android app on the user’s phone; this malware will download the WhatsApp database onto the server.
Lately WhatsApp made a security update using encryption to encrypt the database, so it can no longer be opened by SQLite. But Bosschert outlined that it He simply decrypt this database using a simple python script. This script converts the crypted database to a plain SQLite3 database.
On Android, any app that has full access to the smartphone and can access data from other apps and upload it to third parties But this brings up, yet again, lingering questions about Android infrastructure.
By comparison, Apple doesn’t allow access to data outside of an app’s own sandbox, which stops malicious developers from tinkering with your data through a dummy app, as described above.