A researcher discovered that the Phone Number which is tied with the Whats app account are indexed publicly found on Google search that may be questioned on the privacy policy for the users.
From the report, the Researcher warns about the feature called “click to chat” options which users mainly use in their mobile phone number at risk- Google is allowed to index all the number of everyone who is using this application and anyone can find you on google search after that.
Form the Facebook or as you call whats owner “There is no big deal and that the search results which only reveal what the user wants to share publicly”
A Bug-bounty Hunter “ They discovered the issue which basically said the phone number is leaked and that may put the user security and privacy at risk”
“Click to chat” Offers the website an easy way to initiate a whats app chat session without the website visitor. It works through QR(Quick Response ) code image and that was created by the third-party services and the site owner uses their mobile phone number. The QR code helps visitors to scan the code and directly start the whats app chat session-visitors don’t need the dialed number itself. The Visitor can start access to the phone number once the session starts.
The only issues do not end here. Jayaram mentioned that” The Click to chat metadata has been indexed by the google search engines index and the mobile number comes in Google search results. The phone number which is revealed because of the URL string (https://wa.me/<phone_number>) and after the “leaks” the mobile phone number of WhatsApp users in the plaintext according to me”.
The “wa.me” is owned and maintained by WhatsApp that was mentioned in WHOIS records.
Your mobile number is visible in plaintext in the URL which anyone who gets hold of the URL can know your mobile number. You cannot revoke it.
He mentioned that it was easier for the spammers to compile legitimate phone numbers to mount campaigns that are specially crafted which have search strings of the domain http://wa.me/ around the Google indexed 300,000 WhatsApp phone numbers.
“ As individual phone number is leaked which can attack by the message and call and sell the phone number to marketers, Spammers which can use scammers,” he said
Google Search only revealed the phone number and not the identifies of users that they connected.
The researcher mentioned that ”they are able to to see the user’s profile picture on what’s app along with their phone numbers”
A hacker could reverse image search the user’s profile picture in hopes of collecting enough clues to establish the user’s identity.
Click to chat is used for the WhatsApp user to chat with any user without saving the contact on their phone.
