WhatsApp is leaking some phone numbers on Google. The problem reportedly stems from the new feature for sharing contact cards via QR code. The company seems to have since partly resolved the problem, but it is still possible to access lists of phone numbers, including numbers registered in France.
Security researcher Athul Jayaram, whose findings were reported by the SlashGear blog, reveals that many phone numbers have been findable on Google for some time via WhatsApp. The problem reportedly appeared with the launch of the QR code contact card sharing feature. The code in question redirects the recipient via a shortened link that begins with the address http://wa.me/.
Yet many of these links have visibly been indexed by the Google search engine. Even if the links themselves are well secured and do not allow any malicious action to be carried out, Google still resolves the landing page. As a result, phone numbers appear in the search results, in the title of each result, which follows the template “Message + [phone number] on WhatsApp”.
As the researcher notes, typing “site:http://wa.me” into Google was therefore enough to display a list of phone numbers. Adding the country code (+33 for France) even made it possible to filter for French numbers only. We say this in the past tense because when we repeated the test, no results appeared, at least with “site:http://wa.me”. We did, however, manage to display lists of numbers by typing another address used by WhatsApp: “site:api.whatsapp.com”.
According to SlashGear, the people in charge of WhatsApp are aware of the problem (which the disappearance of results for the domain https://wa.me/ seems to confirm), but reportedly do not consider it a truly critical security flaw. Still, if you want to avoid finding your phone number on Google, it is probably safer, at this stage, not to use the new contact sharing feature in WhatsApp.