Are you sure those WhatsApp messages are meant for you?

Senior Amazon technical expert Abby Fuller had a bit of a shock when she logged into WhatsApp using a new telephone number earlier this month. She found someone else’s messages waiting for her.

WhatsApp, which Facebook purchased for $19bn in 2014, advertises itself as a secure, reliable messaging app.

The service prides itself on not retaining messages on its servers once they have been delivered. Fuller was using a new telephone number on a new mobile device. Her SIM card was new, and she hadn’t restored any backed-up messages from anywhere. So what gives? How did messages meant for someone else get onto her phone?

WhatsApp ties user accounts to their phone numbers. The problem is that people don’t always keep their phone numbers forever. When someone stops using a number, by ending their smartphone contract for example, it goes back into a pool of numbers and under FCC rules it can be reassigned to someone else after 90 days.

WhatsApp is aware of this, and warns:

Before you stop using a particular phone number, you should migrate your WhatsApp account to the new number.

It even has a Change Number feature to help people switch their accounts from one number to another.

Perhaps the number’s previous owner didn’t do that, but even if they didn’t, the company has a failsafe. It monitors account inactivity and watches for accounts that are unused for 30 days. If someone then activates an account with that number on a different mobile device, WhatsApp removes all the old account data tied to that phone number, including the profile photo and the About section, it says.

Yet Fuller has had her number for longer than that:

One potential explanation is that WhatsApp relies not only on the original owner of the number changing their account but on all of their friends upgrading their account too. It warns:

Whenever a friend gives up a phone number, you should make sure to delete the number from your phone’s address book. As it is common practice for mobile providers to recycle numbers, you may incorrectly identify an account in WhatsApp as your friend’s account, when in fact the account belongs to the new phone number’s owner.

WhatsApp exclusively uses phone numbers to identify accounts and we display the names you have saved in your address book for those contacts.

At least one Twitter user suggested that this might be the root cause:

Since 2016, WhatsApp has used end-to-end encryption, but it uses different encryption keys for each chat, which explains why the messages meant for the number’s previous owner showed in in plaintext on Fuller’s device.

Fuller has been fielding explanations from the Twitterverse about what may have happened all week, but as she points out, it’s WhatsApp’s job to ensure that it doesn’t happen:

My point is that this is not (or should not be) the correct behavior. No one should ever get someone else’s messages.

Creeped out by the whole affair, she quickly deleted the messages, but comments on her Tweets suggested that this is not an isolated event. Several users reported similar issues with WhatsApp:

We may never get to the bottom of what really happened with those errant messages, but it’s quite possible that there’s no easy way to solve the problem. The flaw probably lies in the design principle that ties a person’s identity to an ephemeral data point like a phone number. In 2019, surely there must be a better way to create long-lasting, unassailable identities for people?