A security expert from Double Think has discovered a major security flaw in the way WhatsApp backs up and saves your data, one that could let nefarious users access your chat history. Bas Bosschert says that the security hole lies in the way WhatsApp saves user data when the user manually backs it up.
All of the data is stored in the WhatsApp database, which is encrypted, but unfortunately the popular messaging service decided to use the same encryption key for every user. This means that a hacker could, in theory, develop an app with a hidden side whose sole purpose is to sneak into your Android or iOS file system and copy the database. Since the same encryption key is used for all WhatsApp users, decryption is quite easy, and anyone with a small amount of knowledge on the subject could access your chats.
Bosschert actually developed an app that does exactly what is described above, using a loading screen to mask the app's malicious activity. The app was able to acquire and decrypt the encrypted WhatsApp database without fail. WhatsApp did receive an update yesterday, but Bosschert says that this flaw was not fixed. We have reached out to WhatsApp for comment, but a response has yet to be received.