WhatsApp is the most widely-used mobile privacy app on the planet and yet in mere days it has become ensnared in a row over a change in its term of service that appears to let owners Facebook carry out commercial surveillance on an unfashionable scale.

A privacy app that does surveillance sounds paradoxical. What is going on?

Computer hacker security attack

WhatsApp first appeared on the iPhone in late 2009, long before most people had even heard of mobile messaging privacy. It bumped along in obscurity until Edward Snowden’s NSA revelations gave it a rocket boost, aided by clever group messaging features, ease of use and the privacy commitment of its idealistic creators. In early 2014, Facebook pounced, buying what was still a tiny startup for the ludicrous sum of $19 billion and WhatsApp was suddenly world famous.

Cynics might say that under Facebook’s wing, WhatsApp was never likely to be the same again. In fact, its makers boosted the app's privacy engineering significantly.

WhatsApp has always used encryption to hide its user’s messages from prying eyes although for a long time the public keys involved were stored on its own servers. This had obvious problems should anyone sniff or legally demand the keys. Earlier this year, WhatsApp finally moved to the superior end-to-end encryption design from Open Whisper Systems backed up something called perfect forward secrecy (PFS). The gist of this is that private keys are now stored on the devices of users and are changed for every message or session.

This is very secure (SS7 mobile network vulnerabilities aside) and means that anyone wanting to see communications between two WhatsApp users would need to access or compromise the device itself. Even WhatsApp can’t see inside messages (although a researcher recently discovered that traces of chats remained even after being deleted, a slightly different issue).

This is implemented with two tiny compromises. While WhatsApp can’t access the user’s private key the public key and phone number are used to build a public directory. Without this it wouldn’t be possible for users to know who else is using the service and contact them. WhatsApp can also see who is sending messages to whom, which it stores in the form of metadata. 

Fast forward to last week when WhatsApp announced the new terms of service:

“While WhatsApp will continue to operate as a separate service from Facebook, we plan to share some information with Facebook and the Facebook family of companies that will allow us to coordinate more and improve experiences across our services and those of Facebook and the Facebook family.”

Techworld has already analysed the surveilance implications of this change but the key point is it that users can refuse this change. When reading the new terms and conditions it is possible to access the "Read more about the key updates to our Terms and Privacy Policy" and remove the WhatsApp phone number.  This means that Facebook won’t be handed the number although WhatsApp will still store it in its public directory. It is possible to amend this for up to a month even after agreeing to the terms.

Most users won't notice or bother because, whisper it,  the vast majority of WhatsApp users like the app because it's popular and their friends and family also use it. Its universality is its attraction, not its privacy, which is often seen as an afterthought. Integrating it with Facebook will strike many of them as a good idea.

WhatsApp and the surveillance economy

So there we have it, an app that gets ever more private in terms of messaging security while at the same time the identity and behaviour of the people using it becomes ever more public. It's been said countless times before about the world of free apps, social media and cloud services but this is the bargain users accept when they download such software - in the world of f'ree' the user becomes the product.

WhatsApp started as a privacy app and it remains a privacy app. But you, the user, can't also be private too. Facebook wants to know about you and your life because aggregated across humdreds of millons of people that is more valuable than charging for an app or service.

For anyone bothered by this pact with the devil, one option is simply to abandon WhatsApp altogether. This will be inconvenient for anyone using group messaging because migrating away from WhatsApp requires ever other member of that group to do the same. There is plenty of evidence that WhatsApp’s group function is one of its features that make it sticky.

Alternatives? Free apps with similar features include Pryvate from Criptyque, G Data’s Secure Chat (derived from Open Whisper Systems) and of course Telegram, an application several governments have said they’d like to have a back door into. The popular Viber app (owned by Rakuten) also now uses end-to-end encryption, although it has been more guarded about the technology behind this. A new app worth looking at is Wire, backed by Skype co-founder Janus Friis. We review the best of these here.

One suspects that privacy-conscious users won't have been using WhatsApp for some time any more than they will have been enthusiastic users of Facebook. But let's be realistic about these apps in the hands of firms whose business model depends on commercial surveillance. As far as large platforms are concerned, there will be no escape.

Worried about WhatsApp privacy? Here are 5 secure alternatives