A couple of years ago, the question “is it safe to use WhatsApp” seemed theoretical — like, “well, this is a large, well-known service, everything should be protected there.” But after multiple scandals and privacy concerns, even the calmest users started looking for WhatsApp alternatives and asking the obvious question — is WhatsApp still safe to use?
- An increase in the number of cyber threats and data leaks. Social engineering, phishing, fake links, hacking through vulnerabilities in calls — all this has already happened with WhatsApp. And add to this the leakage of backups in the clouds and large—scale draining of phone numbers on the darknet – and the question ceases to be rhetorical.
- WhatsApp as the most popular messenger in the world. Popularity is a double—edged sword. On the one hand, you have a convenient tool through which you can contact almost anyone. On the other hand, it becomes the “number one target” for hackers, fraudsters and even government agencies. The more users there are, the more interest there is in the platform.
- Myths about “total security” and “total surveillance.” Some believe that WhatsApp, with its end-to-end encryption, is impregnable. Others say it’s a “hole in the fence” through which all correspondence is read on Facebook/Meta or by special services. However, as usual, somewhere in the middle. To figure it out, you need to understand what exactly the service protects and what does not.
How Encryption Works In WhatsApp
To explain it without technical mush, end-to-end encryption is like putting a letter in a safe, locking it with a key and sending it to the recipient, who has a second key. Neither the postman, nor the delivery service, nor even the owner of the post office can read what’s inside.
What it protects:
- Text messages.
- Voice and video calls.
- Photos, videos, and documents sent to the chat.
All this is encrypted directly on your device and decrypted only on the recipient’s device. Even WhatsApp servers only see “a set of incomprehensible characters.”
What it doesn’t hide. Encryption is not the invisibility cloak from Harry Potter. It does not protect:
- Metadata — who writes to whom, when, and how often.
- A list of contacts that is synchronized with the servers.
- Your activity time — whether you were online when you read the message.
That is, outsiders cannot read the text of the correspondence, but they can understand that, for example, you communicate with a specific person every evening at 22:30. And this is valuable information.
Metadata: Information That WhatsApp Sees
Many people think, “Well, since I have end-to-end encryption, they don’t know anything about me.” In fact, metadata is almost like a shadow that always goes with you, even if no one sees your face.
What is included in the metadata.
- Your IP address (which means your approximate location).
- Device model and type, operating system version.
- The time of entry and exit from the application.
- Phone numbers from your address book (not the contents, but a list of numbers).
How they can be used.
- Analyze the frequency and duration of communication, for example, to build a “social graph” of your connections.
- Determine your geographical activity (where you are and at what time).
- Draw conclusions about behavior — even without reading the messages.
The metadata does not contain the actual text of the conversation or the photo. But in the right hands, they can tell you almost as much. Imagine: if someone sees that you often communicate with the same person, knows when and from where, the picture adds up. Without going into the content, you can understand a lot.
Does WhatsApp Notify Screenshots?
This question arises for many, especially when it comes to personal or confidential correspondence: “What if I take a screenshot and the person finds out?” or vice versa — “And if he takes a screenshot, will I receive a notification?”. Is WhatsApp safe for taking sreenshots?
The short answer is that WhatsApp does not send screenshot notifications in regular chats. You can take a screenshot of a conversation, photo, or status, and the other person won’t know about it. The same thing works in the opposite direction: if someone saves your content through a screenshot, you won’t receive any signals.
But there is an important exception. In 2022, WhatsApp added the View Once feature for photos and videos. This is when you send a media file that can only be opened once, and it disappears after viewing. The screenshots are already limited here:
- On Android and iOS, when you try to make a screenshot of such a file, WhatsApp simply blocks this function.
- The recipient will not be able to take a picture — the system will issue a warning or will not allow you to save the screen.
- And yes, notifications about an attempt to take a screenshot are not sent, just a screenshot will not work.
What does this mean in practice
- If you want maximum control so that the picture or video does not remain with the recipient, use View Once.
- Remember that there is no absolute protection: you can take a picture of the screen with another phone or record a video from the camera.
- For regular messages and media, always follow the principle that everything you send can theoretically be saved.
Bottom line: WhatsApp does not turn correspondence into a “video surveillance zone”, and screenshots in standard chats are not tracked in any way. But there is protection from screenshots for individual photos and videos, albeit with limitations.
Vulnerabilities And Real Cases Of WhatsApp Hacking
Even a messenger with a billion-dollar audience and high-profile security claims has its weaknesses. WhatsApp’s history has seen several high-profile cases where vulnerabilities have been turned into weapons. Is WhatsApp safe from hacks? Definitely no.
- An example of a 2019 vulnerability in audio calls. In the spring of 2019, it became known that through WhatsApp, you can infect your phone with spyware, even if you did not pick up the phone. It was enough for the attacker to try to call you. The vulnerability exploited an error in processing audio packets, and as a result, a malware capable of reading correspondence, including a microphone and camera, was loaded into the phone’s memory. The problem was quickly fixed with an update, but the fact itself showed that sometimes the hole is not in your caution, but in the application code itself.
- Phishing attacks through fake links. WhatsApp is a great phishing environment: you get a link from someone you know (and their account has already been hacked), go through, and you get to a copy of the login page where you enter your code or data. That’s it, the account goes to the attacker. Often such links are disguised as “bonuses”, “promotions” or “urgent notifications” — human curiosity works better than any exploit database.
- Infection via backups in the cloud. Even if the correspondence is protected by end—to-end encryption, backups in Google Drive and iCloud are a separate story. They are encrypted in a different way, and in the case of outdated settings, they can be stored in a relatively “soft” form. If an attacker gains access to your cloud (through email hacking, SIM swapping, or password leakage), they will be able to download the archive and view the contents of the chats.
How To See Deleted Messages In WhatsApp
Since the “Delete from all” feature appeared on WhatsApp, the correspondence has become a bit like a detective series: you receive a notification, open the chat, and it’s empty and says “This message has been deleted.” And, of course, the questions immediately come to mind: “What was there?”, “Why was it deleted?” and “Is there any way to look at it?”. Is WhatsApp safe from seeing things that shouldn’t be seen?
To be honest, WhatsApp does not provide a built-in way to return a deleted message in the chat itself. When the sender deletes a text or file, the application removes it from the server and from your device. But there are nuances and workarounds that allow you to at least partially restore what was lost.
- How deleted messages work
- The “Delete for all” function is triggered within about two days after sending (previously it was only an hour).
- After deleting, the system label remains in the chat: “This message has been deleted.”
- Inside WhatsApp, the content really disappears — even after a backup, it will not be restored (if the copy is made after deletion).
- Reading through notifications (Notification History)
- Android and iOS handle incoming notifications differently. On Android, if the notification has already arrived and you haven’t deleted it, the text may remain in the notification log.
- Some Android devices have a built-in Notification History feature, where you can see the content even after the message has been deleted.
- There are also third-party applications that save notifications, such as Notisave or Notification History Log. They only work for new messages that have managed to get into the notification curtain.
- Minus: this method will not help for media (photos, videos, audio) — only text is stored in the notification.
- Backup and rollback the chat, WhatsApp makes automatic backups (to Google Drive or iCloud, depending on the platform). If a copy was created before the message was deleted, you can restore the chat:
- Delete WhatsApp from your phone.
- Install it again and agree to restore from the backup the first time.
- After undoing the correspondence at the time of backup, the deleted message will be back in place.
- Minus: you will lose all new messages received after the backup date.
- Chats in notifications and widgets, on Android, you can add a WhatsApp widget to your desktop. It often displays part of the conversation even after deleting messages. Sometimes the text stays in the widget until it is updated.
- Limitations and risks
- No method guarantees the recovery of all deleted messages.
- Photos and videos that have been deleted from everyone are more difficult to recover — only if you have already uploaded them to the gallery or you have media auto-upload enabled.
- Third-party recovery applications can collect your personal data, so you should use only verified and with minimal permissions.
- The moral side of the issue
- Technically, it is possible to configure the system to read deleted messages, but this is not always ethical. People delete them for various reasons, from a trivial typo to sending them to the wrong chat. And although curiosity is a normal reaction, it’s important to understand boundaries.
There is no direct “show deleted” button in WhatsApp, but with the help of notification history, backups and widgets, you can catch some of these messages. However, there is no absolute way to “return everything” — and perhaps this is even for the best.
Facebook/Meta Data Transfer
WhatsApp belongs to Meta (formerly Facebook), and this imposes its own nuances on privacy.
WhatsApp’s official documents state that the contents of the conversations remain private and are protected by end-to-end encryption. However, it is stipulated that certain technical and service data can be transferred to Meta in order to “improve the operation of services” and “integrate functions.”
What data can be transmitted:
- Phone number and numbers from your address book (in hashed form).
- Information about the device (model, OS, application version).
- IP address and other network data.
- Activity data: when you were online when you read the message.
- Payment information if you use the built-in WhatsApp payment system.
There are differences in the rules for different regions:
- EU: GDPR applies — stricter requirements for data collection and transfer. Here, WhatsApp is required to clearly explain what is being assembled and how it is being used.
- USA: the regulation is softer, there is more freedom for integration of Meta services.
- Russia and a number of Asian/African countries: conditions depend on local laws and often allow data transfer at the request of the authorities or storage on local servers.
Bottom line: WhatsApp doesn’t really read the text of the correspondence, but auxiliary data about you may end up in the hands of the parent company and be used for targeting or analytics.
WhatsApp Backups And Their Risks
Many people believe that by enabling chat backups, they only make things better — “let everything be stored just in case.” But there is a shadow side to this feature. Is WhatsApp safe from losing data?
- Why are cloud backups not encrypted end-to-end by default? End-to-end encryption protects on-the-go conversations, but when uploaded to Google Drive or iCloud, a copy is already stored under the protection of a cloud provider. Google or Apple may have the keys to this data, which means that under certain circumstances (account hacking, court request, leak) access to the content is possible.
- How they can be encrypted. WhatsApp has recently added a feature to encrypt backups with a password or key that is stored only with you. You can enable it in the settings: Chats → Backup → End-to-end backup encryption. After that, even Google or Apple won’t be able to decrypt the content. But there is a risk: loss of password = loss of access to the copy.
What happens if an attacker gets access to the cloud?
- If the backup is not encrypted, it will be able to download the archive and open chats, media, and attachments.
- Even with encryption, if the password is weak, there is a chance of brute force hacking.
- With full access to the cloud, the attacker can also delete or replace the backup, which will complicate data recovery.
The Dangers Of Public And Shared Wi-Fi Networks
Public Wi-Fi in a cafe, airport or hotel is like a free buffet: it seems convenient, but you never know who cooked the food and what was mixed in there.
If the network is open (without a password or with a simple WPA2 without client protection), an attacker at the same access point can intercept data packets. This is called sniffing, which is essentially “eavesdropping” on a digital conversation. In the old protocols, the data was in the clear, and passwords could be caught like seeds. Today, thanks to HTTPS and end-to-end encryption in messengers, intercepting the contents of correspondence has become more difficult, but metadata and unencrypted connections are still visible.
Why risks remain even with end-to-end encryption
- Your metadata (who connects and where) is not always hidden.
- You can launch an “evil twin” Wi-Fi with a similar name (Evil Twin) so that you can connect to a fake network through which all traffic can be routed and analyzed.
- Public networks often use the captive portal (login page) — phishing elements can be embedded in it.
How to minimize the threat
- Always use a VPN in open networks — it encrypts all traffic.
- Check which network you are connecting to (especially the name and owner).
- Disable automatic connection to familiar Wi-Fi.
- For proxy-enabled messengers (including WhatsApp in some countries), you can configure SOCKS5 for an additional level of protection.
Social Engineering And WhatsApp Fraud
Sometimes it makes no sense to crack ciphers if you can crack… a person. This is exactly what social engineering is built on — a set of techniques where an attacker forces you to voluntarily give up access.
- Theft of accounts via a confirmation code. The classic scheme is: they call or write to you, introduce themselves to WhatsApp employees or acquaintances, and ask you to name the code from the SMS “for confirmation.” In fact, this code is used to log into your account on someone else’s device. As soon as you send it, your WhatsApp will be in the hands of an attacker, and you will be immediately kicked out of the application.
- Cheating with “a friend in trouble”. You receive a message from a friend: “I’m in trouble, transfer the money urgently.” It looks like a real conversation, but in fact the friend’s account has already been stolen. Scammers play on emotions: the less you think, the faster they will receive the transfer.
The role of common sense and checks
- Never transmit confirmation codes.
- Check any urgent requests for money by calling, preferably through another communication channel.
- Pay attention to the writing style: mistakes, unusual references, strange references are all warning signs.
Security Settings That Should Be Enabled
WhatsApp provides several simple but powerful tools that can protect you from hacking or data leakage. The main thing is not to be lazy to turn them on.
- Two-factor authentication (2FA)
- It is enabled in the security settings.
- When logging in on a new device, you will have to enter an additional PIN in addition to the SMS code. Even if an attacker steals a SIM card, they won’t be able to log in without a PIN.
- Setting up profile privacy and statuses
- In the Privacy section, you can hide photos, status, and last visit time from all but selected contacts.
- This reduces the amount of information that outsiders (including fraudsters) can collect.
- Restriction of adding to groups
- Go to “Privacy” → “Groups” and select who can add you there.
- This will protect you from getting into mass spam chats or fake mailings, through which viral links are often distributed.
What Is A Six-Digit WhatsApp Code?
If you’ve ever logged into WhatsApp on a new phone or after reinstalling the app, you’ve definitely come across this moment: a window appears on the screen where you need to enter a six-digit code. For some, this is a common formality, but for others it’s a mystery: “Where does it come from, why is it needed, and what happens if you enter the wrong one?” Is WhatsApp safe because of these codes?
What kind of code is this in general
The six—digit WhatsApp code is a one-time confirmation code that the service sends to your phone number when you try to log in to your account. It comes either as an SMS or via voice call with an automatic speaker. This is not a password or PIN, but a key for one-time authorization, so that WhatsApp can make sure that the number you log in to really belongs to you.
Why is it needed
- Verification of number ownership. WhatsApp wants to make sure that you have access to a SIM card, not just knowledge of someone’s phone.
- Account theft protection. Without this code, it is impossible to simply “transfer” your account to another phone.
- Start of an encrypted session. After entering the code, WhatsApp creates an encryption key pair between you and your contacts, which is where secure correspondence begins.
Why is this code a target for scammers
Attackers often try to trick people out of this code in order to intercept an account. The schemes can be different:
- You get a call from WhatsApp or the operator’s technical support staff: “The code is coming now, name it to confirm security.”
- Writes a “friend” (in fact, his account has already been hacked) and asks to forward the code “it came to you by mistake.”
- They come up with stories about participating in a contest, drawing, or technical work.
There is only one rule: this code must not be shared with anyone. Even if you get a call from an “official” number or text from a familiar chat.
Connection with two-step verification
- WhatsApp has a two-step verification (two-factor authentication) feature. When you turn it on, in addition to the six-digit code from the SMS, you need to enter your own PIN, which you came up with yourself.
- Even if an attacker finds out the code from an SMS, they still won’t be able to log in without your PIN.
- This protection is especially important if your number can be cloned via SIM swapping.
What happens if you enter the code in the wrong place or incorrectly several times?
- If you enter the wrong code, the login will simply not take place.
- Several incorrect attempts in a row — and WhatsApp temporarily blocks the possibility of re-entry (sometimes for an hour or more). This is a protection against selection.
- If someone tries to log into your account and you receive an SMS with a code, just ignore it, which means it was a hacking attempt.
How to protect your code and account
- Never forward the code to third parties — neither friends, nor the “support service”.
- Enable two-step verification in the security settings.
- Keep an eye on the SIM card: do not lose it and make sure that no duplicate is issued to you without your knowledge.
- If the code arrives unexpectedly, without your attempt to log in, this is a reason to be on your guard.
The six—digit WhatsApp code is not just a formality, but the key to your account. Losing this key into the wrong hands means losing access to your correspondence, and sometimes even allowing scammers to pose as you. Keep it secret in the same way as bank passwords, and enable additional layers of protection.
WhatsApp Comparison With Alternatives
When it comes to messenger security, Signal, Telegram, and Viber are usually mentioned in the same list as WhatsApp. And here it is important to understand: there is no ideal, everyone has their own strengths and weaknesses.
Signal is a favorite of privacy experts
- Advantages: By default, everything from texts to calls is encrypted end—to—end. There are no ads, no metadata collection (the developers don’t even keep a list of your contacts, just a hash). The code is completely open.
- Cons: there are fewer functions than WhatsApp and Telegram, and a small audience — not everyone you know is there.
Telegram is functional and fast, but with its own nuances
- Advantages: cloud storage of chats (accessible from any device), powerful channels and bots, fast updates.
- Disadvantages: end-to-end encryption is enabled only in “secret chats”, regular correspondence is stored on Telegram servers. Metadata and chat contents are stored centrally, albeit in encrypted form.
Viber is an old—timer with a wide reach
- Advantages: support for end-to-end encryption, user-friendly interface.
- Cons: a lot of unnecessary notifications, embedded advertising, and a controversial reputation for privacy (especially in the early years).
| Feature / Criteria | Signal | Telegram | Viber | |
|---|---|---|---|---|
| End-to-End Encryption (E2EE) | Default for all chats & calls | Default for all chats & calls | Only in “Secret Chats” | Default for all chats & calls |
| Metadata Collection | Yes – stores contact hashes, IP logs | Minimal – stores only registration date | Yes – stores metadata on cloud servers | Yes – moderate amount |
| Cloud Storage of Chats | No – only device + optional backup | No cloud storage | Yes – default for all non-secret chats | No – only device + optional backup |
| Open Source Code | Partially (protocol open, app closed) | Fully open source | Partially open | No |
| Extra Features | Voice/video calls, Status updates | Focus on privacy, minimal features | Channels, bots, large file sharing | Stickers, communities, in-app shopping |
| Audience Size | Very large (over 2B users) | Smaller, niche privacy audience | Large, fast-growing | Large in some regions |
| Best For | Everyday use with strong E2EE | Maximum privacy with basic features | Rich features & multi-device access | Casual chats & multimedia sharing |
There is always a compromise between privacy, convenience and functionality. Signal is maximally protected, but it is “empty” in terms of functions. Telegram provides freedom and convenience, but stores correspondence in the cloud. WhatsApp balances between simplicity and protection, but it belongs to a large corporation, which is already a minus for many.
Psychological Safety And Digital Hygiene
We often talk about technical protection, but we forget about psycho-emotional protection. The messenger can be encrypted to the teeth, but you will still feel tired and overloaded.
- The pressure of constant availability. It’s easy to fall into the “always online” trap on WhatsApp. Colleagues, clients, friends — they all see when you are online, and they are waiting for an answer “here and now”. This creates the feeling that you need to be in touch all the time, even at night.
- How groups and mailing lists affect noise. Large chats, family groups, endless memes and videos — all this turns WhatsApp into a constant distraction. Information noise is no less harmful than a virus in a phone: it steals attention and time.
- Why should you be able to “turn off” the messenger? Sometimes it’s better to put your phone in Do Not Disturb mode, or at least turn off notifications from individual chats. This is not about impoliteness, but about personal boundaries and digital hygiene. You need to protect not only your data, but also your attention.
Is WhatsApp Safe to Use Conclusion
WhatsApp is not a mythical “hole in the fence” through which everything will flow, but it is also not an impregnable fortress. It is a handy tool with its own strengths and limitations.
He’s not perfect.
Yes, the correspondence is protected by end-to-end encryption, but the metadata is collected. Yes, there are security features, but they only work if you enable them.
The user’s role in data protection.
50% of the security is provided by the service itself, and the remaining 50% is provided by your habits. You decide which settings to activate, who to share information with, and how to respond to suspicious requests.
You can use WhatsApp safely if you understand its boundaries and complement it with other protection tools, from VPN and two—factor authentication to the ability to simply turn off notifications in time. Security is not a button, but a process in which both you and your service partners participate.
Frequently Asked Questions
What does one checkmark mean on WhatsApp?
One checkmark on WhatsApp means your message has been sent but not yet delivered to the recipient.
What is 6 digit code for WhatsApp?
6-digit code for WhatsApp is a verification code sent to your phone number to activate WhatsApp on a new device.
How to see deleted messages on WhatsApp?
To see deleted messages on WhatsApp, you can use notification history (if enabled) or third-party apps (not recommended for security).
Does WhatsApp use data?
Yes, WhatsApp uses data (mobile or Wi-Fi) for messages, calls, and media. It doesn’t work without an internet connection.
How to check my number on WhatsApp?
To check your number on WhatsApp, go to Settings > Profile (your number will be displayed at the top).
Do WhatsApp notify screenshots?
WhatsApp does not notify screenshots for chats, but it does for *View Once* photos/videos.
How to record a WhatsApp call?
To record a WhatsApp call, use a screen recorder (Android/iOS) or a call recording app (check local laws first).
