Is WhatsApp Safe to Use in 2024? Is It Secure Against Hackers?

WhatsApp comes with robust security measures, including end-to-end encryption and 2FA (Two-Factor Authentication). But is WhatsApp safe to use? Is the app safe from hackers? Its affiliation with Meta has certainly raised concerns over potential data collection and sharing.

The platform is used by over 2 billion users, who send approximately 100 billion messages each day. So, a high level of security and privacy is crucial. However, increasing scam messages, security threats, and other concerns have started to tarnish WhatsApp's reputation as a safe form of messaging.

This guide covers all the potential dangers and the security features WhatsApp offers to help you decide if you want to use it. I’ve also created an in-depth guide with tips for using the Meta-owned messaging app safely, including how to make the most of the app’s security settings.

Is WhatsApp Safe?

WhatApp provides plenty of decent security measures, including end-to-end encryption (E2EE). This encryption method ensures that only the message sender and receiver can view the contents of a communication. It means that WhatsApp can’t actually decrypt or access your messages itself. Other secure messaging apps, like Telegram, use similar methods.

However, the app does have some privacy concerns and can be vulnerable to cyber threats. WhatsApp’s parent company Meta doesn’t have the best reputation when it comes to handling user data. The app has also seen plenty of instances of scams, malware distribution, and phishing. Let’s take a look at both WhatsApp’s features and its vulnerabilities to see how they balance out.

Key WhatsApp Security Features

WhatsApp Security Threats and Risks

Despite the above features, WhatsApp still faces several privacy issues and risks that you should be aware of:

1. Data Collection by Meta

Meta collects data on how you interact with WhatsApp, your contacts, transaction data (Facebook Pay), and your location. The platform insists that this doesn’t affect the privacy of your chats. However, the information collected is still sensitive data that can be used to identify you​​ or impersonate you in the case of a security breach.

The extent of WhatsApp’s data collection has raised privacy concerns, especially in the context of how this data might be used or shared within the broader Meta ecosystem. Meta has faced scrutiny for its data safety practices in the past. For example, in January 2021, Meta (then Facebook) was fined €210 million by the Irish Data Protection Commission for failing to comply with GDPR requirements concerning data privacy practices.

In 2023, WhatsApp was also subject to a massive data leak. A database including the phone numbers of nearly 500 million global active users was offered for sale on a hacking forum. It’s thought that many of these numbers may then have been used to launch phishing attacks on the app.

2. WhatsApp Scams

The variety of scams on WhatsApp is significant, with the Federal Trade Commission (FTC) reporting a noticeable increase in social engineering or social hacking on the app. According to a report by Kaspersky, WhatsApp messages make up around 82.71% of its total blocked phishing attacks.

Other common scams include:

• Loved ones in need. Scammers pretend to be a family member or friend in crisis — using generic greetings like “Hey mom/dad” — to solicit money from unsuspecting users.
• Fake gifts. In this phishing trick, hackers send messages claiming to offer free gift cards. However, the links they send take you to malicious sites designed to steal your personal information. Another scam claimed it was WhatsApp’s 10th birthday, with a link offering ‘free data’ to celebrate.
• Malicious QR codes. Linking devices under one WhatsApp account requires you to scan a QR code from the WhatsApp website. Some scammers set up fake versions of this landing page, with false QR codes that give them access to your account. Another scam asks the victim to scan fraudulent QR codes to “receive” UPI payments — stealing the money instead.
• Fake tech support. Fraudsters can pose as WhatsApp customer service to phish for sensitive data by asking you to “verify” your identity. They can then use the information you give them to access your account and/or commit identity or financial theft.
• Fake apps. Fake apps or fake WhatsApp sites allow cybercriminals to launch man-in-the-middle attacks, in which they intercept or alter your communications. One example is the WhatsApp Gold scam, which invited users to a fake special edition of the app. WhatsApp Web and Desktop are particularly vulnerable to being faked, as mobile stores like the Google Play Store or Apple’s App Store are more tightly regulated.
• Verification code hack. This is when an attacker attempts to trick you into sharing the verification code WhatsApp sends you when you log in to your account. Most often, the scammer will send you a message claiming they accidentally logged in to WhatsApp with your number instead of theirs. They then request the code you’ve been sent. Giving them this code allows them to access and control your account.
• Bogus job opportunities. Scammers promise lucrative opportunities to unsuspecting users as a pretext to extract personal or financial information as part of the “onboarding process”​. These kinds of recruiter scams have grown alongside remote working — cybersecurity firm Sophos identified a 300% increase in fake job offers spread via WhatsApp during the pandemic.

3. Backup Vulnerabilities

A study by the Darmstadt Technical University in Germany highlighted the risk posed by unencrypted WhatsApp backups on Google Drive and iCloud. The study revealed that unencrypted backups are vulnerable to access by third parties, including cloud service providers and law enforcement agencies.

E2EE automatically protects WhatsApp chats, but you have to enable end-to-end encryption for backups manually.

4. Malware and Hackers

WhatsApp is often used to spread malicious links or malware​​. The app itself can also be vulnerable to attack by cybercriminals. For example, the "Skygofree" spyware discovered by Kaspersky Lab in 2018 was able to access WhatsApp messages on Android phones via Google’s Accessibility Services.

In 2019, an attack using Pegasus spyware — software developed by the Israeli company NSO Group — exploited a WhatsApp vulnerability that allowed it to snoop on approximately 1,400 devices. Apps using a range of operating systems were affected, including iOS, Android, Windows Phone, and Tizen.

5. Fake News and Misinformation

The encryption that protects WhatsApp messages also limits the app's ability to police fake news and misinformation. Measures like message forwarding limits have been introduced, restricting forwarding to 5 groups at a time (instead of the previous 250). However, the spread of hoaxes and false information remains a challenge​​.

WhatsApp has been cited in numerous cases of widespread misinformation. These include the 2020 US presidential campaign, the 2018 Brazil elections, and the 2017 outbreak of violence in India.

6. Revenge Porn and Non-Consensual Image Sharing

WhatsApp’s encryption and ‘view once’ mode can lull users into a false sense of security when it comes to sharing sensitive media in chats — like private photos. The platform has implemented software to prevent screenshots from being taken of ‘view once’ photos. However, there’s nothing to stop someone from using another device to take a picture of sensitive media instead. These images can then be used for blackmailing or revenge porn.

How to Use WhatsApp’s Security Features

To boost your safety and privacy on the app, follow the steps below:

1. Turn on End-to-End Encryption for Backups

This ensures that cloud-based backups aren’t vulnerable to hackers or snoops.

Step 1. Open WhatsApp, navigate to Settings and select Chats.

You can configure all WhatsApp settings from this panel

Step 2. Click on Chat Backup and select the End-to-End Encrypted Backup option. Now, click on the Turn On button and follow the on-screen instructions to create a password or a 64-digit encryption key.

Make sure to remember this password or key, as you'll need it to restore your backup

2. Adjust Privacy Settings

You can choose who sees your ‘last online’ activity and decide if others can know when you've read their messages by toggling read receipts. Just bear in mind that disabling read receipts means you won't see when others have read your messages either, except for group chats.

Step 1. Go to Settings in WhatsApp and click on the Privacy option.

The privacy settings also let you block contacts and set up a default message timer

Step 2. Adjust who sees your Last Seen, profile photo, About information, and status updates. You can customize each setting according to your privacy preferences. I recommend choosing Nobody as it's the safest option.

You can also turn on read receipts and set group privacy settings

3. Enable Fingerprint Lock, Touch ID, or Face ID

For an extra level of security, WhatsApp allows you to lock the app with your fingerprint, Touch ID, or FaceID, depending on your device. This feature ensures that only you can open WhatsApp, preventing others from accessing your messages even if they have physical access to your phone.

Step 1. Open WhatsApp and access the Settings panel. Then click on Privacy and select Fingerprint Lock.

You can also set up your face scan to unlock WhatsApp

Step 2. Turn on the Unlock with fingerprint toggle. For Apple devices, go to Screen Lock and turn on the Require Touch ID or Require Face ID options to set up the lock.

Newer Apple iPhones only come with Face ID

4. Enable Two-Step Verification

This requires a 6-digit PIN when registering your phone number with WhatsApp, helping you protect your account from unauthorized access.

Step 1. Open WhatsApp, go to Settings and choose the Account option.

You can also set up security notifications and passkeys

Step 2. Select Two-step verification and tap on Enable. Just follow the on-screen prompts and set up a PIN.

You may need to verify with a code to set up the Two-step verification feature

5. Keep WhatsApp Updated

Enable automatic updates in your device's app store to ensure you're always using the latest version of WhatsApp. This offers you the most up-to-date security features and the latest security patches to avoid vulnerabilities.

Step 1. Go to the Google Play Store and search for WhatsApp. Apple devices already update WhatsApp automatically.

You can repeat the same steps to enable auto updates for other apps

Step 2. Now, click on the 3-dot icon on the top right and enable the auto updates toggle.

You can also join the beta program to get the latest updates and features

Additional Tips for Using WhatsApp Safely

To ensure a secure and privacy-centric experience while using WhatsApp, follow these essential tips:

• Be cautious of suspicious messages. Stay alert to messages that seem unusual or ask for personal information. Telltale signals often include grammar or spelling errors. Verify the identity of the sender through other means if necessary.
• Regularly review linked devices. Check which devices are linked to your WhatsApp account and log out from any that you don't recognize or no longer use. This can be found under WhatsApp Web in the app settings.
• Recognize and avoid common scams. Educate yourself on the various scams that target WhatsApp users, such as phishing attempts, fake job offers, and lottery scams. If something sounds too good to be true, it likely is (you can always verify messages by contacting companies directly). Look out for fake apps and only download WhatsApp from official sources.
• Limit who sees your WhatsApp Status. Like Instagram Stories, your WhatsApp status allows you to add videos or images that can be viewed for 24 hours. These updates are vulnerable to screenshotting or screen recording. To limit who sees your status, go to Updates, tap the 3 dots next to My status, then Status Privacy, and choose from the options. You can select from My contacts, My contacts except, or Only share with.
• Turn off location settings. You can turn off location permission for WhatsApp in your device settings. This prevents the app (and Meta) from getting access to your location, though it means some features — like sending your live location to contacts — will no longer work.
• Don’t give out your phone number. Only share your phone number with people you trust. Your phone number is key to your WhatsApp account, and sharing it widely can increase your risk of being targeted by scammers.
• Use antivirus software or a VPN. Security software that comes with malware detection and malicious link warnings can help you avoid clicking on any dangerous links.
• Never share your registration code or 2FA PIN with others. These are critical to keeping your account secure. Genuine WhatsApp customer support reps won’t ask for this information. If you choose to use the app’s password protection features, also make sure to choose strong passwords.
• Update your device and app regularly. Ensure your device's operating system is up-to-date to benefit from the latest security improvements. It’s a good idea to keep the WhatsApp app updated for the same reason.

Editor's Note: Transparency is one of our core values at vpnMentor, so you should know we are in the same ownership group as ExpressVPN. However, this does not affect our review process.

FAQs on Using WhatsApp

Is WhatsApp safe for sending private photos?

Not necessarily. The app offers end-to-end encryption for all its messages, including photos. It also has a ‘view once’ feature to send self-destructing media that can’t be screenshotted. However, nothing is stopping the recipient of such photos from using another device to capture them instead — which can be a key part of online dating scams. Always exercise caution when sending private photos to anyone.

Can I safely use WhatsApp for business?

WhatsApp is fairly safe for business use. The end-to-end chat encryption and 2FA ensure that messages, documents, and calls are secure. That said, you can make it even safer by enabling end-to-end encryption for backups and fingerprint locks too.

There’s also a tailored WhatsApp Business service you can use, that lets you create a business profile, automate messages, and organize your customer chats with labels.

Why would someone use WhatsApp instead of texting?

WhatsApp is encrypted and free to use, whereas traditional texting can incur charges. The platform also has additional safety features not offered by SMS. Last but not least, WhatsApp supports free international messaging and provides a platform for voice and video calls, as well as media sharing (which can cost a lot or exceed file size limits for texts).

Is WhatsApp safe for kids?

WhatsApp can be safe for kids with proper guidance and monitoring from parents. The app offers end-to-end encryption, which helps in keeping conversations private. However, issues such as exposure to inappropriate content, talking to strangers, and cyberbullying exist. There’s also a lot of scamming, fake news, and misinformation on the platform, so it’s important to educate your children about these risks.

That said, WhatsApp doesn’t have any specific parental controls and the app itself recommends that it shouldn’t be used by anyone under 13.

Can WhatsApp protect against government surveillance?

WhatsApp's end-to-end encryption is designed to secure messages against snooping. The app also comes with multiple security features that keep your messages protected. Enabling 2FA and fingerprint protection can help to protect your WhatsApp account from unauthorized access.

That said, WhatsApp itself still collects a lot of your metadata (such as the time of communication and contact details). The platform could potentially share your information with authorities under specific legal circumstances — for example under warrants or subpoenas.

Wrapping Up

WhatsApp offers a high level of security for its users, primarily through its end-to-end encryption feature, which ensures your messages stay unreadable. Its additional security features make the platform safe to use in most everyday situations.

That said, it’s still important to be aware of Meta’s data-logging policies, as well as scams on the platform. Always be cautious about sharing personal information and ensure you’re making the most of the app’s security settings.