WhatsApp is the most popular messaging app in the world. According to Statista, as of July 2019, 1.6 billion people were using the messaging platform every month. And thankfully, all those people are using one of the most secure and private messaging platforms on the planet.
Let’s hope that continues to be true. With WhatsApp’s founders having left Facebook under acrimonious terms and Facebook’s upcoming rebranding of WhatsApp, along with its plans to merge it with the messaging platforms of Instagram and Facebook Messenger, WhatsApp is headed into an era of change. Mark Zuckerberg says that Facebook’s entire suite of services will become more privacy-centric. But I’m not optimistic, considering Facebook is essentially an antiprivacy company.
That being said, in recent conversations with family and friends, young and old, new and longtime users, I’ve discovered that many WhatsApp users aren’t getting the maximum privacy out of the app that they could be getting today. That includes protections that keep your WhatsApp activity out of sight from other users, Facebook itself, and bad actors. Here’s a guide to how to take advantage of all the privacy measures the service offers.
Protect your privacy from other users
It only makes sense that we use WhatsApp to share information with our friends. It is a communications platform, after all. However, by default WhatsApp is set to share more of your information with your friends and other users than you probably realize.
When you join WhatsApp you’re given the option to upload a profile picture and change the “Hey there! I’m using WhatsApp” About text to a more personalized message. Many people change this to include their occupation, website, other social media handles, the university they go to, or city they live in.
All this information is available to anyone who messages you on WhatsApp–even people you don’t know. This could leave some users vulnerable. For example, if you give your WhatsApp contact info out to a stranger you’ve just met on a dating app, that person could use such information to stalk you, especially if your About text lists where you work or live.
That’s why you should make sure the permissions options for who can see your profile photo and About bio are not set to “Everyone” and are instead set to “Nobody” or only “My Contacts.” You can do this by going into WhatApp’s settings and tapping on Account>Privacy>Profile Photo and Account>Privacy>About.
WhatsApp also offers a feature called “Status” that allows you to share a photo or text as a status update. By default, all of your WhatsApp contacts can see these status updates—be they your friends or your boss. While your friends may find it funny that you’re planning on getting bombed off your rocket this Tuesday night, you boss may find it worrisome, because you’re leading a presentation with a big client the next morning.
For this reason, it’s a good idea to be selective with who can see your Status updates. In WhatsApp’s settings, go to Account>Privacy>Status and change it from “My Contacts” to either “My Contacts Except” or “Only Share With.” The first option lets you exclude certain people from seeing your status updates. The second one allows you to give only a select few of your contacts the ability to see them. Generally, “Only Share With” is the safer option as it will automatically exclude any new WhatsApp contacts you’ve added since you last changed these settings.
Finally, don’t let people—yes, even your friends—stalk you via WhatsApp. This is easy for them to do if you keep two options on their default settings. Under Account>Privacy the “Last Seen” option is set to “Everyone” by default. This means anyone you’re contacts with on WhatsApp can see when you were last using the app. If you’re telling your boss you’re hard at work on the report that’s due in just a few hours but he opens his WhatsApp and sees you were just online two minutes ago, the game is up. Likewise, if you don’t feel like replying to friends’ messages right away—and wait hours or days to do so—they could clearly see you’re ignoring them because they’ll be able to tell the last time you opened the app.
And speaking of your friends being able to tell when you’ve last used the app, disable Read Receipts by going to Account>Privacy and toggling the switch to off. Trust me, you’ll feel liberated when you do this.
Keep more activity private from Facebook
Yeah, yeah, Facebook claims it’s not doing anything nefarious with the data WhatsApp can access about you when you give it certain system-level access permissions on your phone. But it’s perfectly reasonable to remain skeptical. That’s why it’s best to make sure you limit WhatsApp’s ability to access your data outside of the app.
In both iOS and Android, you adjust WhatsApp’s permissions in the phone’s Settings app. I recommend turning off access to your location, photos, contacts, calendars, microphone, and camera.
A word of warning: Doing this will vastly limit what you can do in WhatsApp other than sending text messages—you won’t be able to make voice or video calls. But keeping these settings set to disallow access to these privacy-critical data points means Facebook can’t do anything behind your back with that data. If you’re privacy-conscious, whenever you do want to share your location via WhatsApp or want to send a photo or make a call using the app, only then should you manually change the setting to allow access—and as soon as you’re done, change the setting back to disallow access to that data.
Oh, and a note about blocking WhatsApp’s access to your Contacts. Facebook doesn’t want you to do this. The company wants to know who you know, from your friends to your bosses to your doctors. And if you ever disallow WhatsApp access to your Contacts, Facebook will strip your ability to see the names of your WhatsApp contacts in the app, even though the app could easily still show you the name of each contact since every WhatsApp user sets a user name (usually their own) when they join the app. This is one of the most manipulative things Facebook does with WhatsApp. But the company knows the annoyance of only seeing a user’s phone number is enough to force people to hand over their Contacts data.
Keeping your WhatsApp account secure from nosy friends and bad actors
Finally, you’ll want to make sure you use WhatsApp’s maximum security settings, so no one can access your messages—even if they have access to your phone.
First, you’ll want to enable two-step verification. You do this in WhatsApp’s settings by going to Account>Two-Step Verification. With this enabled, you’ll need to enter a PIN when registering your phone number with WhatsApp again. This ensures bad guys who have spoofed your number won’t be able to log into your WhatsApp account on their phone and see all your messages without that PIN.
Next, if you use an iPhone, you’ll want to add an extra layer of biometric security to the WhatsApp app itself. To do this, in WhatsApp’s settings go to Account>Privacy>Screen Lock. In iOS, toggle the “Require Face ID” or “Require Touch ID” switch to ON and choose how soon you want to require this authentication for opening the app again after closing it. Requiring this authentication to launch the app again means you can safely let friends use your phone knowing that they won’t be able to launch WhatsApp and read all your messages. (This feature is not yet available on Android unless you’re using the newest beta.)
Finally, you should disable cloud backups of your WhatsApp messages. Setting WhatsApp to back up your messages to online cloud services such as Apple’s iCloud is useful in that it gives you a way to retrieve those messages on a new device if your old one is ever lost or stolen.
However, when you back up your WhatsApp messages to services like iCloud, your normally end-to-end encrypted WhatsApp messages are stored in an unencrypted format, giving anyone who can access your cloud account, such as hackers, the ability to read every WhatsApp message you’ve ever sent. WhatsApp even explicitly warns users of this risk in the app. If that’s too much risk for you, the best thing is to disable cloud backup. On an iPhone, go to Chats>Chat Backup>Auto Backup and set this option to Off. On an Android phone, go to Chats>Chat Backup and make sure “Back up to Google Drive” is set to “Never.”