WhatsApp is a widely-used messaging app with end-to-end encrypted conversations and calls, significantly reducing content-level privacy risks. However, Meta's ownership enables substantial metadata collection (contacts, location, call patterns, device identifiers), and the app requests 10 dangerous permissions with all granted. The combination of metadata harvesting and Meta's ad-targeting ecosystem places it in the MEDIUM risk category - acceptable for most users but with notable privacy trade-offs.
How we got to 39.
10 dangerous permissions including location, contacts, SMS, phone state
Phone number, contacts, call metadata, location, device IDs, connection patterns
Firebase Analytics, Meta SDK, FCM, Google Sign-In, Google Maps
Signal Protocol E2E for all messages, calls, groups, and status updates
Metadata integrated into Meta ad network for cross-platform profiling
Frequent security updates, no known unpatched vulnerabilities
GDPR fines, investigations in EU, India, UK over metadata practices
Real-time location sharing with Google Maps integration
Hidden inside the code.
What it asks for.
Precise GPS for location sharing features
Reads phone number and device identifiers
Can intercept incoming SMS messages
Can send SMS without user interaction
From the scan.
Keep reading.
How to detect spyware on Android, for real this time
Forget battery drain tips. Here is what actually works to find spyware and hidden trackers on your Android phone, step b...
What is a tracker in an app, and why should you care
Trackers are code libraries hidden inside apps that collect your data for third parties. Here is how they work, what the...
Similar risk profiles.
Scan WhatsApp yourself.
Get the full report on your device - with real-time DEX analysis, permission auditing, and breach monitoring. Free, no account needed.