Senior Amazon technical expert Abby Fuller had a bit of a shock when she logged into WhatsApp using a new telephone number earlier this month. She found someone else’s messages waiting for her.
logged into whatsapp with a new phone number today and the message history from the previous number's owner was right there?! this doesn't seem right. — Abby Fuller (@abbyfuller) January 11, 2019
WhatsApp, which Facebook purchased for $19bn in 2014, advertises itself as a secure, reliable messaging app.
The service prides itself on not retaining messages on its servers once they have been delivered. Fuller was using a new telephone number on a new mobile device. Her SIM card was new, and she hadn’t restored any backed-up messages from anywhere. So what gives? How did messages meant for someone else get onto her phone?
WhatsApp ties user accounts to their phone numbers. The problem is that people don’t always keep their phone numbers forever. When someone stops using a number, by ending their smartphone contract for example, it goes back into a pool of numbers and under FCC rules it can be reassigned to someone else after 90 days.
WhatsApp is aware of this, and warns:
Before you stop using a particular phone number, you should migrate your WhatsApp account to the new number.
It even has a Change Number feature to help people switch their accounts from one number to another.
Perhaps the number’s previous owner didn’t do that, but even if they didn’t, the company has a failsafe. It monitors account inactivity and watches for accounts that are unused for 30 days. If someone then activates an account with that number on a different mobile device, WhatsApp removes all the old account data tied to that phone number, including the profile photo and the About section, it says.
Yet Fuller has had her number for longer than that:
This number has been mine > 45 days (multiple months). Seems like the messages should have been wiped with the account but weren't (or were resent). Either way, account should have been wiped and was not. https://t.co/XmG1P1zPO2 — Abby Fuller (@abbyfuller) January 11, 2019
One potential explanation is that WhatsApp relies not only on the original owner of the number changing their account but on all of their friends upgrading their account too. It warns:
Whenever a friend gives up a phone number, you should make sure to delete the number from your phone’s address book. As it is common practice for mobile providers to recycle numbers, you may incorrectly identify an account in WhatsApp as your friend’s account, when in fact the account belongs to the new phone number’s owner.
WhatsApp exclusively uses phone numbers to identify accounts and we display the names you have saved in your address book for those contacts.
At least one Twitter user suggested that this might be the root cause:
The only explanation I can think of here is that they were sent *after* the previous owner stopped using it. They stayed with one tick, and got resent when you registered. So it’s not going to happen with any of your messages that you actually received. — Filippo Valsorda 🇮🇹 (@FiloSottile) January 11, 2019
Since 2016, WhatsApp has used end-to-end encryption, but it uses different encryption keys for each chat, which explains why the messages meant for the number’s previous owner showed up in plaintext on Fuller’s device.
Fuller has been fielding explanations from the Twitterverse about what may have happened all week, but as she points out, it’s WhatsApp’s job to ensure that it doesn’t happen:
My point is that this is not (or should not be) the correct behavior. No one should ever get someone else’s messages.
Creeped out by the whole affair, she quickly deleted the messages, but comments on her Tweets suggested that this is not an isolated event. Several users reported similar issues with WhatsApp:
For the past 1.5 years I've been getting messages to a previous number holder and often get added to chat groups by their friends and family. — Dave Hogue ⚜️ 🏳️🌈 (@DaveHogue) January 11, 2019
Oh, the havoc I could wreak...
I hate with whatsapp that the number is the id. My little girls sent a happy birthday video to their cousin via whatsapp. But he had cancelled his number and stopped using whatsapp. I only realised later they sent the video to a random man who now had his number 🙁 — Ivar Abrahamsen (@flurdy) January 11, 2019
Scarier was that in whatsapp the thread has all the older messages, still listed under my nephew's name as I guess it used the phone's contacts, except that the photo had changed to some 20 year oldish wannabe gangster. I just thought my 12 year old nephew was trying to be cool — Ivar Abrahamsen (@flurdy) January 11, 2019
We may never get to the bottom of what really happened with those errant messages, but it’s quite possible that there’s no easy way to solve the problem. The flaw probably lies in the design principle that ties a person’s identity to an ephemeral data point like a phone number. In 2019, surely there must be a better way to create long-lasting, unassailable identities for people?