A new security bug found in WhatsApp now lets anyone see your profile photo even if you have set it to ‘Contacts-only’.
A 17-year-old security researcher, Indrajeet Bhuyan, discovered the problem. It stems from the new web version and is said to be a result of the phone app not being synced properly with the new web interface.
Many users prefer to share their profile pictures only with their contacts, and this bug makes a private picture available to strangers.
Bhuyan has also discovered another bug in the web version: the web app shows photos that have been deleted. On your phone, photos get blurred once you delete them, but it looks like the web version saves them indefinitely.
This also means that the web version, introduced last month, still doesn’t follow all the security measures taken for the mobile version.
Security expert Graham Cluley said, “Sure, it’s not the most serious privacy breach that has ever occurred, but that’s missing the point. The fact of the matter is that WhatsApp users chose to keep their profile photos private, and their expectation is that WhatsApp will honour their choices and only allow their photos to be viewable by those who the user has approved.”
There has been no response from WhatsApp about this security flaw.