Whatsapp rebuked over stored contacts privacy policy

Whatsapp Whatsapp allows users to send messages between different smartphone platforms

Related Stories

The Whatsapp messaging app has been criticised after a joint investigation by Dutch and Canadian regulators.

Investigators said that when smartphone owners installed the app it asked to access their address books.

They said the problem was that it then transmitted all the contained phone numbers to its servers, and failed to delete those belonging to people who had not signed up to the service.

Whatsapp has not commented on the report at this time.

The Dutch Data Protection Authority has said that it could take punitive action if the Silicon Valley firm behind the product does not change it.

The Office of the Privacy Commissioner of Canada added that it would also continue to monitor the company, but said it did not have the power to issue sanctions despite its belief that the firm was breaking local laws.

Scan and store

WhatsApp was launched in 2009 and allows users to send each other text, image, video and audio messages.

It works across Android, iPhone, Blackberry, Windows Phone and Symbian platforms and does not charge a fee per message.

Instead some users pay its developer an annual $0.99 (63p) subscription, while others face a one-off cost to download the app. This has helped make it a popular alternative to SMS and MMS message services.

On installation users are asked permission to share their contacts so that the software can identify which of their friends are also on the service.

The regulators noted that only iPhone users running the latest version of Apple's iOS operating system were given the option of manually adding contacts rather than allowing their address book to be scanned.

They noted that although it was not illegal for the firm to have copied over data belonging to non-users, the problem was that it did not delete the information after running the friend-identification check.

Instead, the investigators said, the data was kept in a hashed form - in other words the telephone numbers were transformed into a short code and stored.

"This practice contravenes Canadian and Dutch privacy law, which holds that information may only be retained for so long as it is required for the fulfilment of an identified purpose," said the regulators,

The agencies added that the app's developer had taken steps to address some of their other concerns.

These included the introduction of encryption to prevent third-parties eavesdropping on messages sent via unprotected wi-fi networks, and the adoption of a stronger authentication process to make it harder for scammers to hack accounts in order to send messages from them.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

BBC Future

(Getty Images)

The goggles that make you nicer

The day virtual reality changed me Read more...

Programmes

  • European Union's anti-terrorism chief Gilles de KerchoveHARDtalk Watch

    Anti-terrorism chief Gilles de Kerchove on the threat from returning Islamic State fighters

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.