When WhatsApp added end-to-end encryption to every conversation for its billion users two years ago, the mobile messaging giant significantly raised the bar for the privacy of digital communications worldwide.

But one of the tricky elements of encryption—and even trickier in a group chat setting—has always been ensuring that a secure conversation reaches only the intended audience, rather than some impostor or infiltrator. And according to new research from one team of German cryptographers, flaws in WhatsApp make infiltrating the app's group chats much easier than ought to be possible.

More than one million people were tricked into downloading a fake Android app that was pretending to be WhatsApp. The app was called "Update WhatsApp" and is still on the Play Store, although the developer has now changed its name to "Dual Whatsweb Update" and switched the icon, which doesn't look like the WhatsApp icon anymore.

But before its facelift, the app mimicked WhatsApp in a clear attempt to trick users into downloading it thinking they were downloading an update for the popular messaging app, according to users who reviewed the app on the Play Store, and users on Reddit, who flagged the malicious app. 

WhatsApp Messenger, WinZip, and Where's My Droid Pro have made the list for the most blacklisted iOS and Android apps in enterprise environments.

Mobile security firm Appthority launched the latest Enterprise Mobile Security Pulse Report, a glimpse into how enterprise players tackle mobile security and network threats by banning apps considered to be a threat from accessing corporate resources and platforms. Corporations can blacklist mobile applications for a variety of reasons. Known security holes and vulnerabilities or ways for confidential information to be leaked, a lack of secure communication and encryption.

Italy's antitrust watchdog said it was imposing a 3 million-euro fine on messaging service WhatsApp for allegedly obliging users to agree to sharing their personal data with its parent company Facebook.

All 28 European Union data protection authorities asked WhatsApp last year to stop sharing users' data with Facebook due to doubts over the validity of users' consent. The Italian agency said the application led users to believe they would not have been able to continue using the service unless they agreed to terms including sharing personal data. A spokesperson for WhatsApp said: "We're reviewing the decision and we look forward to responding to officials."

Germany's consumer watchdogs have made good on their legal threat against Facebook's WhatsApp, suing the messaging giant over the user data it transmits to its social-networking mothership.

The Federation of German Consumer Organisations (VZBV) asked the Berlin county court for an injunction to stop the data-sharing, and to ensure that Facebook deletes the data that WhatsApp has already given it. The VZBV accused the companies of abusing users' trust. The move follows Facebook's failure to agree to a cease-and-desist request that the VZBV issued in September last year, a month after Facebook changed WhatsApp's terms to allow the data-sharing.

Today, researchers at Check Point Security announced a new attack against WhatsApp and Telegram, targeting the way both chat services process images and multimedia files.

In the WhatsApp case, Check Point was able to craft a malicious image that would appear normal in preview, but direct users to a malware-laden HTML page. Once loaded, the page will retrieve all locally stored data, enabling attackers to effectively hijack the user’s account. The vulnerability was reported to both services on March 8th, and both have changed their file upload validation protocols to protect against the attack.

A pretty dumb WhatsApp scam is making rounds in chain mail form, promising "free internet" without Wi-Fi on an invite-only basis. First of all, the scam is quite dumb to begin with because the only way to use WhatsApp without Wi-Fi is to have a cellular data connection and WhatsApp cannot offer data - it's just an app, not a provider.

Secondly, the scam is spreading because it prompts victims to forward the message to 13 friends or five groups on WhatsApp to activate the "free internet." As usual, the message spreads via WhatsApp groups or comes from a friend who 'recommends' the service - often unaware of it. In this case, you receive a special invitation with a link.

Deutsche Bank AG has banned text messages and communication apps such as WhatsApp on company-issued phones in an effort to improve compliance standards. The functionality will be switched off this quarter, chief regulatory officer Sylvie Matherat and chief operating officer Kim Hammonds told staff in a memo.

Unlike e-mails, text messages can’t be archived by the bank, said a person with knowledge of the matter who asked not to be identified discussing internal matters. “We fully understand that the deactivation will change your day-to-day work and we regret any inconvenience this may cause,” Matherat and Hammonds said.

A security vulnerability that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service. Facebook claims that no one can intercept WhatsApp messages, not even the company and its staff.

But new research shows that the company could read messages due to the way WhatsApp has implemented its end-to-end encryption protocol. Privacy campaigners said the vulnerability is a “huge threat to freedom of speech” and warned it could be used by government agencies as a backdoor to snoop on users who believe their messages to be secure.

European Union privacy chiefs said Facebook Inc. must stop processing user data from its WhatsApp messaging service while they are investigating the privacy policy changes the company announced in August.

The Article 29 Working Party, made up of privacy chiefs from across the 28-nation EU, told Facebook it had “serious concerns” about the sharing of WhatsApp users’ data for purposes that were not included in the terms of service and privacy policy when existing users signed up to the service. European privacy watchdogs don’t shy away from targeting big US technology firms, as previous probes into Facebook, Alphabet Inc.’s Google or Microsoft Corp. have shown.