Earlier today it was reported that Google had indexed most private WhatsApp group invite URLs and showed them in search results, letting anyone join a private group and get access to its members, contact numbers and chat content. While Google said that it lists all such links that users post on the web, the security question fell to WhatsApp and how it plans to solve the problem. It looks like the instant messenger now has a ‘partial’ solution that is limited to Google Search users.
App reverse engineer Jane Manchun Wong, who tweeted that some 470,000 WhatsApp group links were indexed by Google, now states that WhatsApp has fixed the issue on Google. The company has removed the ‘chat.whatsapp.com’ listing from the search engine and has added the `noindex` meta tag to the chat invitation links. This means that if you now search for the private group invitation links using the ‘chat.whatsapp.com’ query, the search result page will show ‘Your search – site:chat.whatsapp.com – did not match any documents.’
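The following is an added example, not WhatsApp's code or anything from the original report: a check a site owner can run to see whether a page tells crawlers not to index it, and whether that instruction covers every crawler or only a named one. The function name, the crawler list and the sample pages are assumptions made for illustration; the `X-Robots-Tag` response header is the HTTP counterpart of the meta tag and is not mentioned in the report.

```python
from html.parser import HTMLParser

GENERIC = "robots"              # meta name / header scope addressing every crawler
BLOCKING = {"noindex", "none"}  # "none" is shorthand for "noindex, nofollow"

class _RobotsMeta(HTMLParser):
    """Collect robots directives from <meta name=... content=...> tags."""
    def __init__(self, names):
        super().__init__()
        self.names, self.found = names, {}

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        name = a.get("name", "").strip().lower()
        if tag == "meta" and name in self.names:
            self.found.setdefault(name, set()).update(
                t.strip().lower() for t in a.get("content", "").split(","))

def noindex_coverage(html, headers, crawlers=("googlebot", "bingbot", "yandex")):
    """Return {crawler: True/False}: is that crawler told not to index the page?"""
    names = {GENERIC, *crawlers}
    parser = _RobotsMeta(names)
    parser.feed(html)
    found = parser.found
    for key, value in headers:
        if key.lower() != "x-robots-tag":
            continue
        scope, sep, rest = value.partition(":")
        if sep and scope.strip().lower() in names:   # e.g. "bingbot: noindex"
            scope, value = scope.strip().lower(), rest
        else:                                        # unscoped: applies to all
            scope = GENERIC
        found.setdefault(scope, set()).update(
            t.strip().lower() for t in value.split(","))
    everyone = bool(found.get(GENERIC, set()) & BLOCKING)
    return {c: everyone or bool(found.get(c, set()) & BLOCKING) for c in crawlers}

# Constructed sample pages, not captured from any real site.
PAGE_ALL = '<head><meta name="robots" content="noindex, nofollow"></head>'
PAGE_ONE = '<head><meta name="googlebot" content="NOINDEX"></head>'
PAGE_NONE = '<head><title>Group invite</title></head>'

if __name__ == "__main__":
    print(noindex_coverage(PAGE_ALL, []))
    print(noindex_coverage(PAGE_ONE, []))
    print(noindex_coverage(PAGE_NONE, [("X-Robots-Tag", "bingbot: noindex")]))
```

A directive only takes effect once each crawler re-fetches the page, so URLs that are already indexed can linger in an engine's results for some time after the tag is deployed.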
So how is it a ‘partial’ solution?
As Wong notes, it is not yet a full-fledged solution: the listing has only been removed from Google search results, and one can still find the group invite links via other search engines like Yandex, Bing and DuckDuckGo.
It’s great to see WhatsApp taking steps to fix the oversight. It’s only the first steps though, because, as an open web, the search results are still listed on other search engines like Yandex, Bing and DuckDuckGo pic.twitter.com/hTth6HciEe
— Jane Manchun Wong (@wongmjane) February 22, 2020
“It’s great to see WhatsApp taking steps to fix the oversight. It’s only the first steps though, because, as an open web, the search results are still listed on other search engines like Yandex, Bing and DuckDuckGo,” she further tweeted.
However, since WhatsApp seems determined enough to remove the search result from Google, it is just a few more hours before we see it vanishing from other search engines as well.
Facebook had been aware of it for months
Yes, WhatsApp’s parent company Facebook had known about this issue since November 2019. This was revealed by a Twitter user named @hackrzvijay, who alerted Facebook about it in order to get a bounty but got a reply from the social media giant stating that it was an “intentional product decision”.