According to a Dutch developer, the privacy settings in WhatsApp are broken. By adding a user's phone number to his open-source tool, he is able to track that user and any change of profile picture, privacy settings or status.
WhatsSpy Public, the open-source tool, can retrieve items such as the user's profile photos and status messages. It can also retrieve the user's timeline to show when he or she was actually online. The software has to be installed on a server and includes a web interface that continuously tracks the targeted user.
The developer of the tool states he has created the software to demonstrate how broken the privacy settings in WhatsApp are. He explains, “you may disable ‘last seen’, ‘profile picture’ and ‘status’ but this won’t disable this ‘online’ message from showing up. Obviously a lot of people won’t know this still happens, thus creating a pretty broken privacy settings that aren't safe. Due to this feature WhatsSpy can track virtually anyone, because anyone can listen for these events.”
In December last year, researchers at the University of Erlangen-Nuremberg already demonstrated how easy it is to monitor thousands of WhatsApp Messenger users. The researchers presented the anonymized data from their experiments and explained what WhatsApp should do to truly protect the privacy of users. Unfortunately, it seems WhatsApp hasn’t made any changes, and anyone can still see whether a WhatsApp user is online just by knowing the phone number. The app, WhatsSpy Public, is freely available and can be downloaded and installed on a web server. You just need a SIM card that you have put into use on WhatsApp, a rooted Android device or jailbroken iPhone, and internet access for tracking.
While the method of the researchers required a complex experimental setup with multiple smartphones, WhatsSpy makes it much easier. The software can be installed on a cheap device like the Raspberry Pi and requires only a little technical knowledge. Besides a server, WhatsSpy requires a rooted Android smartphone or a jailbroken iPhone and a secondary WhatsApp account (a phone number not actively used by WhatsApp).
The second WhatsApp account or number is required to avoid the risk of being banned from WhatsApp, although according to the researchers at the University of Erlangen-Nuremberg, this danger is not too big. They monitored hundreds of users for months, without ever having been blocked.