Bas Bosschert in a blog post detailed how WhatsApp for Android has security flaws, noting the popular messaging service backs up its messages on the SD cards of devices - which could put the entire message database at risk.
Bosschert said, "The WhatsApp database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card. And since majority of the people allows everything on their Android device, this is not much of a problem."
Further, Bosschert explained that how to create an app, which could be used to easily extract a user's WhatsApp database on Android. "The WhatsAppp database is a SQLite3 database which can be converted to Excel for easier access," Bosschert added.
Business Insider quotes Bosschert who said, "People would only see a loading screen when they started the game. They wouldn't notice that their WhatsApp database has been uploaded."
The blog post concludes saying, "So, we can conclude that every application can read the WhatsApp database and it is also possible to read the chats from the encrypted databases. Facebook didn't need to buy WhatsApp to read your chats."
Bosschert has also claimed that the latest WhatsApp update for Android, that added option to hide 'last seen' status and more, has not fixed the security flaw in the app.
It's worth pointing out that many Android apps available on Google Play store ask for permission to access the data on microSD cards.
For those unaware, Facebook in February 2014 announced its acquisition of the mobile-messaging startup WhatsApp for $19 billion in cash and stock, a landmark deal that placed the world's largest social network closer to the heart of mobile communications.