The world's leading businesses trust WhatsApp to communicate with their customers. But, concerns about WhatsApp's security still exist. So, is WhatsApp secure? Here's what business leaders should know.
Why WhatsApp security is in the spotlight
As people continue to embrace shopping via messaging, conversational business is becoming critical to success. Brands that engage with customers through conversation increase customer satisfaction, sales, and efficiency.
With 2 billion users around the world, WhatsApp is a natural starting point for businesses that want to communicate with their customers via messaging. WhatsApp also continues to release business products and features and is quickly becoming a playground for businesses to build conversational apps.
Today, there are more than five million businesses using WhatsApp Business. What’s more, 85% of customers who have a good experience with a brand on WhatsApp do not go back to other channels.
But before you get on board, you’ll want to be sure that it’s safe and that your customers are protected. In this article, we’ll address these security concerns so that you can have peace of mind before crafting your conversational strategy.
5 Reasons why WhatsApp is secure for B2C communication
1. WhatsApp uses end-to-end encryption
All WhatsApp messages and calls are secured with end-to-end encryption. To frame this from a business context, this means that only the business and the customer can read messages or listen to calls. Nobody in between, not even WhatsApp, can read business communication.
End-to-end encryption prevents potential eavesdroppers – including telecom providers, Internet providers, the government, and even the provider of the communication service (like WhatsApp) from being able to access the cryptographic keys needed to decrypt the conversation.
2. WhatsApp does not store messages on their servers
WhatsApp does not store your messages as a routine part of providing their services. Your messages are stored on your device -- instead of WhatsApp’s servers.
The only time WhatApp may store your messages is if a message is undeliverable, or if a user forwards a message that contains media. In both cases, the information is only stored temporarily (in the process of delivery). More details about this are below:
- Undelivered Messages: If a message cannot be delivered immediately (for example, if the recipient is offline), WhatsApp keeps it in encrypted form on their servers for up to 30 days as we try to deliver it. If a message is still undelivered after 30 days, they delete it.
- Media Forwarding: When a user forwards media within a message, WhatsApp stores that media temporarily in encrypted form on their servers to aid in more efficient delivery of additional forwards.
3. WhatsApp does not keep call detail records
Unlike traditional mobile carriers, WhatsApp does not keep call detail records. Call detail records kept by traditional mobile carriers include information related to location, who is calling and texting, and for how long. You might see this information on your phone bill, as mobile carriers use it to bill you for cellular usage.
WhatsApp keeps none of this information. WhatsApp believes that keeping these records for two billion users would be both a privacy and security risk, and therefore does not do it.
4. WhatsApp has strict rules for businesses that want to use their services
If you’re a larger business that needs access to more features, like the WhatsApp API, you’ll have to work with an Official WhatsApp Business Solution Provider (BSP).
With the help of your Business Solution Provider, you’ll be able to build on top of the messaging experience that WhatsApp provides to make it more scalable, efficient, and meaningful.
Hubtype is one of the few companies that WhatsApp trusts to help businesses build these experiences. As such, we must comply with strict data and privacy regulations.
For example, our products are designed to meet European, Canadian, and US privacy laws. No matter where you are, you can be sure that our products and services comply with any privacy framework, including the GDPR.
5. The WhatsApp Business API offers the same level of security as the app
With the WhatsApp API, the end-to-end encryption of messages remains unchanged. The communication between you and your customer is secure. WhatsApp does not store messages or relationships between numbers and contact information.
However, once you receive the message, you will likely need to store it, at least temporarily, just as you would any other type of customer communication. Storing this information is necessary to manage relationships with customers, personalize experiences, and more.
At that point, this information will be subject to your business’ privacy practices. You may designate a number of employees, or even other vendors, to process and respond to the message.
Again, an official Business Solution Provider like Hubtype will help you navigate this process. We give you the tools you need to keep customer data encrypted and secure, while at the same time ensuring it is a valuable resource to power better experiences.
Through our dedication to information security, rigorous testing, and strict adherence to global privacy standards, you’ll gain the confidence you need to serve customers on messaging at scale.
How can I protect my customers while using WhatsApp?
If you’re an enterprise company using the WhatsApp API, make sure you're working with an official Solution Provider. There are plenty of rogue WhatsApp Business Solution Providers out there, and they may not have the proper security protocols in place.
You can double-check to make sure your business solution provider is on this list from WhatsApp.
Businesses that use WhatsApp (securely) for customer communication
At Hubtype, we work with businesses for which security is a top concern. We've helped Michael Kors, Guess, Decathlon, Bankia, Allianz, Zurich, and Volkswagen among others to use WhatsApp safely and securely.
We know how important it is for businesses to comply with privacy and security legislation. Our tools and workflows are designed to protect you and your customers at all times.
The world's leading banks and insurers trust Hubtype to safeguard their customer communications. We help enterprise companies serve customers on messaging at scale, without sacrificing security.
Frequently asked questions about WhatsApp Security
How secure is WhatsApp compared to email?
It's ironic that enterprise companies have concerns about WhatsApp yet fail to give their traditional communication tools a second thought.
For example, most email companies do not protect messages with end-to-end encryption. What's more, copies of emails are usually stored on mail servers. If those mail servers are not GDPR compliant (and not all of them are) the business can be held accountable.
Even Gmail, Hotmail, Yahoo, and other leading mail providers lack important security features. For example, Google can technically store messages indefinitely.
Despite efforts to increase security through features like confidential mode, businesses are still at risk. According to Gennie Gebhart, associate director of research at the Electronic Frontier Foundation (EFF), confidential mode provides absolutely no confidentiality from Google.
“My biggest fear with confidential mode is that it will give users a false sense of security that prevents them from seeking more secure, end-to-end encrypted communication options, like Signal or WhatsApp," Gebhart tells Forbes.
How does WhatsApp’s encryption work?
WhatsApp’s encryption works by encoding messages and files so that only the sender and recipient can read them. Encryption software uses complex algorithms to scramble the data being sent. Once received, the data is decrypted using a key provided by the originator of the message.
Why would WhatsApp not be safe?
WhatsApp’s end-to-end encryption protects ensures that messages get from point A to point B without anyone intercepting or reading the message. However, it does not protect users from fraud or phishing scams.
For example, a common WhatsApp scam happens when cyber criminals pretend to be a victim’s acquaintance and then ask them for money. Most of those criminals pose as a friend or family member and ask for financial help.
WhatsApp users should also be careful of malicious content sent to them on WhatsApp. Clicking links and downloading unknown attachments can infect a phone with malware.
These phishing and fraud attempts can happen with any communication channel. It’s important that users exercise caution when dealing with unknown numbers, and never share confidential information with parties they don’t know.
What are the dangers of WhatsApp?
Once a message is received by a device and decrypted, WhatsApp cannot stop someone from unlocking a phone and reading your messages. If someone hacks a phone either physically or digitally after a message is received, there is nothing WhatsApp can do to stop them from accessing a person’s messages.
Similarly, if WhatsApp messages are backed up to the cloud, then this is a copy of the decrypted chat history on your device. At that point, Apple or Google have the keys to your backup—it is outside WhatsApp’s end-to-end encryption.
Is WhatsApp totally private?
WhatsApp prides itself on being a private and secure messaging service. They go to great lengths to build WhatsApp in a way that helps people communicate safely.
However, like any other communication channels, users must exercise caution to make sure their devices don’t fall into the wrong hands. They should also enable two-factor or biometric authentication on their devices and be wary of potential scammers.
Is WhatsApp safe to send private pictures?
WhatsApp is safe to send private pictures between people you know and trust. Just like standard messages, photos are end-to-end encrypted.
However, it is important to note that, by default, WhatsApp automatically downloads the photos you receive from other users to your device. That means that if someone sends you a photo that is encrypted with a virus, you could unknowingly download that virus without even clicking it, or taking an action.
For that reason, it’s recommended to turn that setting off and only accept photos from people that you trust. Read this WhatsApp help center article for steps on how to prevent media photos from automatically downloading to your device.
With the WhatsApp Business API, there are more security measures in place to protect businesses from phishing attacks like the ones described above. Contact Hubtype to discuss how we can help protect both you and your customers from potential threats.