Private WhatsApp groups are easily accessible to the public, DW revealed on Friday.
WhatsApp's "invite to group via link" feature is meant to allow people to share access to their private groups with other people. However, the feature appears to have been indexed by Google's search engine.
Thousands of WhatsApp groups — including private ones — are visible and can be joined after an internet search.
Jane Manchun Wong, who specializes in reverse-engineering apps, found 470,000 group invite links to private groups. These had to be shared online first before being indexed by Google. By making small changes to the URL and search terms, it may be possible to access groups that aren't listed, using a process known as "dorking."
Facebook, which owns WhatsApp, may have known about this problem since at least November 2019, when they appear to have sent a reply to a user who notified them of the issue.
The reply, apparently from Facebook on November 12, 2019, stated that although the company was surprised that links are indexed by Google, the company "cannot completely control what all search engines, Google, and others, index.”
A spokesperson for Facebook/WhatsApp said: "Group admins in WhatsApp groups are able to invite any WhatsApp user to join that group by sharing a link that they have generated. Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.”
DW's Facebook editor Sofia Diogo Mateus said: "The indication that Facebook knew about the issue back in November and the fact the feature has not been disabled means that it is probably a trade-off between enhanced privacy and ease of usability — and Facebook has a history of opting for the latter."