Categories: NewsTech

[UPDATED] PSA: Don’t use this WhatsApp feature if you want to keep your number private

[ UPDATE 11/06/2020 15:17 ]: WhatsApp has since rectified the issue, with phone numbers from Click to Chat no longer indexed in Google Search results. For the full story, click here.

===

If you’ve been using the Click to Chat feature on WhatsApp, this might come as a shock to you. Security researcher Athul Jayaram recently shared that using the feature—widely-used by business accounts on the messaging platform—puts the privacy of your phone numbers at risk. Athul considers the issue to be a bug, although WhatsApp’s parent company Facebook has rejected the researcher’s claim via its bug bounty program.

Regardless, the issue is still one that should concern anyone who uses the feature. The feature is often used by business users such as e-commerce sites, and Athul says that it could lead to potential abuse and fraud from malicious parties.

So, how does it work?

Have you ever been on an e-commerce site, and there’s a prominent button that directly opens a chat on WhatsApp with the merchant/vendor? Or perhaps you’ve seen the Click to Chat button on one of the various property listing websites, where a quick press of a button puts you in contact with a realtor?

Athul says that this very feature puts the privacy of these phone numbers at risk, because the numbers end up being indexed in Google Search results. Google indexes Click to Chat metadata, which means that the numbers can be seen as part of a URL for the Click to Chat function. Eg. https://wa.me/<phone number>

What’s rather worrying is that users who utilise Click to Chat won’t be able to do anything about it, with the private number displayed in full within the URL:

“Your mobile number is visible in plain text in this URL, and anyone who gets hold of the URL can know your mobile number. You cannot revoke it.”

However, it’s worth noting that the public access to these numbers does not extend to the identity of users, only their phone numbers. This is because WhatsApp—unlike many messenger platforms—identifies users by their phone numbers. Users’ profile photos and phone numbers are still accessible, though. Depending on your profile privacy settings, this also means that a perpetrator could do a reverse search with your profile picture, and eventually discover your identity.

This, of course, opens up the door to potential scams and fraud. Access to thousands, if not millions of genuine phone numbers could be sold to malicious parties, and identity theft is also a concern here.

What is WhatsApp doing about this?

Well, WhatsApp actually advertises this as a feature, and to be fair, the FAQ section makes it clear that your phone number will be included in the URL.

“WhatsApp’s click to chat feature allows you to begin a chat with someone without having their phone number saved in your phone’s address book. As long as you know this person’s phone number and they have an active WhatsApp account, you can create a link that will allow you to start a chat with them. By clicking the link, a chat with the person automatically opens. Click to chat works on both your phone and WhatsApp Web.”

Additionally, WhatsApp says that users can simply block unwanted messages easily, and that the numbers have been made public by choice. As such, Athul’s discovery won’t be rewarded with a bounty “since it merely contained a search engine index of URLs that WhatsApp users chose to make public”.

Regardless, for a messaging platform that touts its encryption and privacy measures, this is rather worrying. While there isn’t technically anything sketchy going on here, it’d be wise to be careful when using the Click to Chat feature—especially now that you know that your numbers are indexed for public Google Search.

[ SOURCE ]

Recent Posts

Jaecoo J5 EV: First look at the potential Proton e.MAS and BYD challenger

Jaecoo J5 EV has made its first official appearance in Malaysia, allowing the public to…

15 hours ago

DC Handal turns on EV Chargers at Zenith Hotel Cameron

If you're heading to Cameron Highlands with an EV, there are now more EV charge…

20 hours ago

ChargEV turns on 6 EV Charge Points at Aeon Mall Ipoh Station 18

ChargEV continues to deploy more EV chargers at Aeon Mall premises. Shortly after turning on…

1 day ago

Malaysia EV registrations nearly double in June 2026, Proton e.MAS 5 leads again

Malaysia's electric vehicle (EV) market continue to show strong momentum in June 2026, with 6,215…

2 days ago

Mercedes-AMG CLA 45 goes electric with 671hp and AMG four-cylinder sound

Mercedes-AMG has unveiled the new CLA 45 4MATIC+, and for the first time, it is…

2 days ago

Tesla Model Y Long Range AWD discontinued from Malaysia lineup, inventory units still available

Tesla Malaysia has removed the Model Y Long Range AWD from its online configurator, leaving…

2 days ago

This website uses cookies.