is aproprietary,cross-platform instant messagingapplication
forsmartphones. In addition to text messaging, users can send each other images,video, and audio media messages. The client software is available forAndroid,BlackBerry OS,BlackBerry 10,iOS,Series 40,Symbian (S60), andWindows Phone.
WhatsApp Inc. was founded in 2009 byBrian ActonandJan Koum, both veterans of
, and is based in Santa Clara, California.
Competing with a number of Asian-based messaging services (likeLINE,KakaoTalk ,
andWeChat), WhatsApp was handling ten billion messages per day as of August2012,
growing from two billion in April 2012
and one billion the previousOctober.
According to the
, WhatsApp "has done toSMSonmobile phones whatSkypedid to international calling on landlines."WhatsApp uses a customized version of the open standardExtensible Messaging andPresence Protocol (XMPP).
Upon installation, it creates a user account using one'sphone number as username (JabberID:
).WhatsApp software automatically compares all phone numbers from the device'saddress book with its central database of WhatsApp users to automatically addcontacts to the users WhatsApp contact list. Previously the Android and s40 versionsused anMD5-hashed, reversed-version of the phone'sIMEIas password,
while theiOS version used the phone's WiFiMAC addressinstead of IMEI.
A recentupdate now generates a random password on the server side.
Multimedia messages are sent by uploading the image, audio or video to be sent to aHTTP serverand then sending alink to the content along with itsBase64 encoded
thumbnail (if applicable).
Until August 2012, messages were sent in unencrypted plain-text format, making thesystem vulnerable tosession hijacking.
As of August 15, 2012, the WhatsAppSupport Staff claims messages are encrypted in the "latest version" of the WhatsAppsoftware for iOS and Android (not including BlackBerry, Windows Phone andSymbian),without specifyingthe implemented cryptographic method.
See also:Mobile security In May 2011, a security hole was reported in WhatsApp which left user accounts openfor hijacking.
Since May 2011, it has been reported that communications made byWhatsApp are not encrypted, and data is sent and received in plaintext, meaningmessages can easily be read if packet traces are available.
According to some sources, it is believed that the hijacking hack was performed, andlater fixed by helping WhatsApp reproduce it on Android and Symbian, by Liroy vanHoewijk, CEO of CoreISP.net.
Then, in May 2012 security researchers notedthat new updates of WhatsApp no longer sent messages as plaintext,
however, the cryptographic method implemented was subsequently described as"broken".