Some messages sent through WhatsApp can be intercepted and read thanks to a bug in the app, suggests research.
The bug arises because of the way WhatsApp encrypts the messages sent via its service.
Security expert Thomas Boelter found that eavesdropping was possible when circumstances called for encryption keys to be reissued.
Mr Boelter told WhatsApp owner Facebook about the issue in April 2016 but it said it was not working on a fix.
The response he received said that what he had discovered was expected behaviour.
Privacy campaigners claimed in The Guardian newspaper that the bug was a "huge threat" to freedom of speech because it could be used by governments or law enforcement agencies to spy on people who thought they were communicating securely.
In a statement reacting to media stories about the research, WhatsApp said the bug was not a "backdoor" intentionally placed in its code that allowed governments to make the firm decrypt messages.
"This claim is false," it said. "WhatsApp does not give governments a 'backdoor' into its systems and would fight any government request to create a backdoor."
Bad coding
The bug crops up in situations when encryption keys used to scramble messages have to be reissued and resent.
Mr Boelter found that, in certain circumstances, attackers can pose as the recipient of a message and force WhatsApp to reissue keys for scrambling information.
Sophisticated manipulation of this system would let attackers intercept and read messages, said Mr Boelter.
Zack Whittaker, security editor at ZDNet, said it was a "stupid and big bug" but played down its seriousness.
The problem was "limited" in its scope, he said, adding that it probably emerged because of "bad coding or a favour to good user experience".
In its statement, WhatsApp said it had taken a design decision to implement the re-issuing of keys in this way to preserve millions of messages that would otherwise be lost.
Cryptographer Frederic Jacobs said anyone worried about falling victim to the bug could adjust security settings on the app to warn them if encryption keys were being changed.
Latest Stories
-
Dr. Stacy Amewoyi launches new books and expands philanthropic efforts across Ghana and US
4 minutes -
Hindsight: Legon Cities’ five years of fugazi money
18 minutes -
JoyNews’ Kwasi Debrah ties knot with Dr. Neta Pasram in beautiful ceremony
18 minutes -
Wimbledon winner Purcell admits anti-doping breach
38 minutes -
Political party influence undermines leadership independence, says Prince Kofi Amoabeng
43 minutes -
CHASS advises against reopening schools on Jan. 3 until financial arrears are cleared
52 minutes -
Newmont’s Akyem Vocational Institute unveils battery-powered fufu machine at graduation ceremony
56 minutes -
Newmont reinforces cultural heritage commitment in host communities
1 hour -
Oti Region records over 10 road accident deaths from January to September this year
1 hour -
Ecobank Ghana inaugurates ‘Ecobank Retirees Association’: A legacy of fellowship and service
1 hour -
Optimal OMD appoints Taniya Mondal as MD
1 hour -
Lekzy DeComic hailed for masterful emceeing at OB Amponsah’s comedy show
2 hours -
Premier Care Hospital sparks joy with second annual nine lessons and carols night!
2 hours -
OB Amponsah fills 4,000 capacity Bukom Boxing Arena with comedy special
2 hours -
Bridging digital and human intellect: Africa’s Path from 4IR to 5IR
2 hours