The WhatsApp mobile messaging service is still breaching privacy laws, an investigation by the Dutch and Canadian provacy watchdogs has concluded.
The investigation concluded that WhatsApp had done much to fix its security flaws. For example, it has patched a vulnerability that allowed a third party to send and receive messages in other users’ names and without their permission.
It’s also added encryption to the service, after it was revealed that messages could be intercepted when sent via an unsecured Wifi connection, and improved the authentification process.
However, the investigation found that the company still hasn’t done everything it should.
“The investigation revealed that users of WhatsApp – apart from iPhone users who have iOS 6 software – do not have a choice to use the app without granting access to their entire address book. The address book contains phone numbers of both users and non-users,” says Jacob Kohnstamm, chairman of the Dutch Data Protection Authority.
“This lack of choice contravenes [Dutch and Canadian] privacy law. Both users and non-users should have control over their personal data and users must be able to freely decide what contact details they wish to share with WhatsApp.”
Under Canadian and Dutch law, it’s not illegal for WhatsApp to have accessed data relating to non-users, it should have deleted it as soon as the user’s friends were identified.
The two bodies plan to keep up the pressure, but say that WhatsApp has been cooperative so far, and that they expect to be able to resolve things amicably.