In recent years, smartphone messenger apps have gained so much popularity that they will, sooner or later, replace SMS-based text messaging. The resulting privacy implications, however, have thus far been neglected. With this project, therefore, we aim to raise awareness of the various kinds of privacy-related information that can be queried using a phone number without any user authorization. We will also highlight how regularly querying a user’s online status can easily allow inferences to be drawn about their living habits. For more details, please refer to the Problem Statement and Technical Background pages.
It is well-known that intentionally shared profile information, such as pictures and status messages, can be queried using a user's phone number without their knowledge. The fact that this also comprises system events, such as a user's current availability status, has, however, been thus far mostly overlooked. To demonstrate the reality of this threat, we monitored the online times of 1,000 randomly chosen users of the popular WhatsApp messaging application over several months. We will use anonymised usage statistics to demonstrate that large-scale monitoring of users’ online times is practically feasible, as well as showing how this collected data can allow insights into users’ daily habits. The resulting privacy implications are numerous and depend highly on the social context: excessive messaging during working hours, for example, might upset a manager, while ignoring messages could potentially jeopardize a user's romance or partnership. In conclusion, using smartphone messenger apps instead of well-known communication methods, such as SMS or email, leads to a significant loss of plausible deniability.
Unfortunately, affected messenger services (like WhatsApp, Telegram, etc.) currently provide no option for disabling access to a user's "online" status. Even WhatsApp's newly introduced privacy controls fail to prevent online status tracking, as users still cannot opt-out of disclosing their availability to anonymous parties. For information on stopgap measures, however, please refer to the Recommendations page.
2014 © ALL Rights Reserved.