WhatsApp Stores Codes for 2FA in Clear Text

✨ Megiddo

Codes are visible on devices whose owners have superuser rights on them.


Back in 2017, WhatsApp received a two-factor authentication mechanism designed to provide an additional level of security for millions of instant messenger users. However, as was recently discovered, there is a serious flaw in the implementation of this mechanism.

According to Twitter users, WhatsApp stores two-factor authentication security codes in unencrypted form (on iOS devices in /var/mobile/Containers/Data/Application/Whatsapp/Library, on Android devices in /data/data/app/com.whatsapp/shared_prefs/com.whatsapp_preferences.xml).

The text file with the code is stored in the sandbox, so other applications cannot access it. In addition, a copy of the file is not saved in regular WhatsApp backups. On the other hand, codes are visible on Android devices whose owners have superuser rights on them. That is, applications with superuser privileges have access to the code file. iOS may also have vulnerabilities that allow third-party applications to access the file, so WhatsApp developers should encrypt it in order to avoid possible negative consequences.
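
For developers checking their own app for the storage flaw described above, here is an added example (not from the original post and not WhatsApp's code) that audits an Android shared_prefs XML file for secrets kept in clear text. The sample file and its key names are constructed and hypothetical, and the length and entropy thresholds are assumptions.

```python
import math
import re
import xml.etree.ElementTree as ET

# Constructed sample in Android's shared_prefs XML layout. The key names are
# hypothetical; they are not WhatsApp's real preference keys.
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="two_factor_code">483920</string>
    <string name="session_token_enc">q8Zr1kXv0+Jm3nYt7Lw9aB2cD4eF6gH5iK/oPuS=</string>
    <string name="ui_theme">dark</string>
    <int name="backup_pin" value="7351" />
    <boolean name="notifications" value="true" />
</map>"""

SENSITIVE_KEY = re.compile(r"(pin|code|2fa|two_factor|secret|token|passw)", re.I)


def shannon_entropy(text):
    """Bits per character; ciphertext or random tokens score high."""
    if not text:
        return 0.0
    counts = {ch: text.count(ch) for ch in set(text)}
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def audit_prefs(xml_text, min_opaque_len=24, min_entropy=4.0):
    """Return (key, reason) for entries that look like secrets kept in clear text."""
    findings = []
    for node in ET.fromstring(xml_text):
        key = node.get("name", "")
        # <string> keeps its value as element text; <int>/<long> use value="".
        value = node.text if node.tag == "string" else node.get("value")
        value = (value or "").strip()
        if not SENSITIVE_KEY.search(key) or not value:
            continue
        if value.isdigit() and 4 <= len(value) <= 8:
            findings.append((key, "short numeric secret in clear text"))
        elif len(value) < min_opaque_len or shannon_entropy(value) < min_entropy:
            findings.append((key, "sensitive key with a readable value"))
    return findings


if __name__ == "__main__":
    for key, reason in audit_prefs(SAMPLE_PREFS):
        print(f"{key}: {reason}")
```

Entries that pass the check only look opaque; confirming they are actually encrypted with a key held outside the preferences file still requires a code review.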
 