A few hours ago, we have reported that one Dutch developer has identified a serious vulnerability in WhatsApp for Android in which attackers can gain access to the messages database stored on the microSD card or internal storage of your mobile device.
Today, WhatsApp has issued a statement to TechCrunch denying the vulnerability discovered in the Android version of the messaging service saying:
“We are aware of the reports regarding a security flaw. Unfortunately, these reports have not painted an accurate picture and are overstated. Under normal circumstances the data on a microSD card is not exposed. However, if a device owner downloads malware or a virus, their phone will be at risk. As always, we recommend WhatsApp users apply all software updates to ensure they have the latest security fixes and we strongly encourage users to only download trusted software from reputable companies. The current version of WhatsApp in Google Play was updated to further protect our users against malicious apps.”
In other words, WhatsApp says that the problem isn’t directly attributable to its app, but the presence of malware or virus that has access to the messages data stored on a microSD card.
Then again, it’s still unclear what’re the “additional protection” included in the version 2.11.186. The changelog doesn’t read any reference to the conversations. In any case, the Dutch consultant has confirmed that his proof-of-concept also works with the latest release.