Below you will find my take on answering some of the common questions that people have been asking around this update.
- Personal phone number
- Phone numbers of contacts in your mobile phone including both WhatsApp users and people who don’t use WhatsApp
- Profile Name
- Profile Picture
- Status Message. The default used to be “Hey there! I am using WhatsApp”
- Messages. However messages can not be read by WhatsApp or any third part because of End to End encryption. However the policy also hints that these messages are shared with Facebook however it claims that Facebook will only use these to assist WhatsApp in operating and providing services.
- Connections. Like Groups, Broadcast lists, Favorites etc.
- Usage and Logs. Diagnostic and performance information like how you use WhatsApp and interact with others log files, and diagnostic, crash, website, and performance logs and reports. Typically most apps do this for troubleshooting issues and fixing bugs.
- Device information. Such as hardware model, operating system information, browser information, IP address, mobile network information including phone number, and device identifiers (IMEI etc.).
- Device Location information. When you use location features like share your location with other contacts. WhatsApp can use this information for diagnostics and troubleshooting purposes.
- Online Status Information. Online vs Last Seen.
- Other people providing information about us. Like other people provide your phone number from their mobile address book (just as you may provide theirs), or they may send you a message, send messages to groups to which you belong, or call you.
- Third party services. Like when we share something using Share button and select some third party service like Mail, News Service then WhatsApp can collect our information from these services as well. However how the third party service use our data depends on terms and policies of that service itself.
What will be shared with WhatsApp post Feb 8 ?
- Messages. It states that messages are deleted from WhatsApp servers as soon as these are delivered to the recipient. Hence all the messages actually live on the device that you are using for WhatsApp and any backups that you are storing on iCloud/Google Drive. It also states that undelivered messages are kept on servers for 30 days and if still undelivered are deleted.
- Media Forwarding. It states that media like images, videos etc. is stored temporarily (not sure for how long) in encrypted form on WhatsApp servers This helps them to efficiently forward the same media to other recipients if one chooses to do so because the actual media won’t have to be uploaded again and server can just send that to new recipients.
- Contacts. It clearly states that contacts that are not using WhatsApp are not stored on WhatsApp servers and those are just used to create hashes that can then be used to identify when the user starts to use WhatsApp so that your contacts list can be updated quickly.
- More details on transactions and payments data. I am not going in detail on that for now. Let me know if you need this to be added in the comments below.
- Usage and Log Information. This includes information about your activity (including how you use WhatsApp, WhatsApp settings, how you interact with others using WhatsApp (including when you interact with a business), and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports.
- More Diagnostic Info. This includes information about when you registered to use WhatsApp; the features you use like messaging, calling, Status, groups (including group name, group picture, group description), payments or business features; profile photo, “about” information; whether you are online, when you last used our Services (your “last seen”); and when you last updated your “about” information.
- Device and Connection Information. This includes information such as hardware model, operating system information, battery level, signal strength, app version, browser information, mobile network, connection information (including phone number, mobile operator or ISP), language and time zone, IP address, device operations information, and identifiers (including identifiers unique to Facebook Company Products associated with the same device or account).
- Location Sharing. Now the policy clearly states that “even if you do not use our location-related features, we use IP addresses and other information like phone number area codes to estimate your general location (e.g., city and country).”
- Businesses On WhatsApp: It is stated that businesses you interact with can share your information with WhatsApp and Facebook. In other words whatever you share with Business can then be used by Business for its own interests as per the Businesses’ own terms and policies.
What will be shared with Facebook post Feb 8 ?
New policy now has reference to a dedicated FAQ that is meant to answer what WhatsApp account information is shared with Facebook, however it does a fairly poor job in answering the question and provides a very vague answer rather than a comprehensive list of data points.
WhatsApp has also published a dedicated FAQ page to address some of the rumors regarding privacy of messages and contacts which now clearly states that:
- WhatsApp cannot see your private messages or hear your calls and neither can Facebook.
- WhatsApp does not share your contacts with Facebook.
- WhatsApp can not see your shared location with another contact and neither can Facebook. However they have claimed previously that they use other means like IP addresses etc. to find your approximate location.
- WhatsApp does not keep logs on who everyone is messaging or calling.
- Group messages are end to end encrypted as well.
- Messaging with business accounts is not private and business can share your information for marketing purposes including sharing it with Facebook.
- When you use shopping features on WhatsApp that data is shared with Facebook to improve the experience (think ads) on other platforms like Facebook, Instagram.
- Some ads on Facebook will have links to WhatsApp and Facebook can use your information here.
So it is fair to assume other than the things mentioned above rest are all being shared with Facebook like your phone number, name profile image, statuses, device logs, online statuses, diagnostic information etc.
So What’s different about this policy ?
What does it all mean for Facebook users ?
How to find out if WhatsApp has already shared your data with Facebook ?
You will need to request your account information report from WhatsApp. this report includes the value for 2016 opt-out flag. If the value of that flag is “No” it means that you have not opted out which means that your information is already being shared with Facebook.
In order to request the report you will have to Open WhatsApp on your phone and then go to Settings → Account → Request Account Info → Request Report. This will take about 3 days for the report to become available.
What does it all mean for non-Facebook users ?
How to delete your WhatsApp account including all data ?
If you are keen to do away with WhatsApp then please make sure you delete the account using WhatsApp settings that will actually delete all your data from WhatsApp servers.
Deleting just the app from your mobile phone is not going to be helpful as your data will be retained on the server for longer period of time.
Chats/Messages remain end to end encrypted since the application update in April 2016 and there is no change on that front. WhatsApp has been sharing your account information with Facebook since at least 2016. Payments and Interactions with business accounts however remain unencrypted and it looks like Facebook is mostly interested in that as that helps Facebook with their ads business.
I am not affiliated with WhatsApp or Facebook in any way possible. All this information is collected from WhatsApp pages themselves and has been mentioned here to the best of my knowledge and understanding.