Ensuring User Safety in India on WhatsApp
WhatsApp is an industry leader among end-to-end encrypted messaging services in preventing abuse and promoting online security. At WhatsApp, the safety of our users is at the core of everything we do.
WhatsApp has made significant product changes to help enhance security and privacy. Besides continuous product innovations, over the years we have also consistently invested in state-of-the-art technology, artificial intelligence, data scientists, experts, and in processes, to support user safety.
The private nature of WhatsApp
Privacy and security is in our DNA, which is why we built end-to-end encryption into our app in 2016. When end-to-end encrypted, your messages, photos, videos, voice messages, documents, status updates and calls are secured to help protect them from falling into the wrong hands.
End-to-end encryption helps ensure only you and the person you're communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp. This is because with end-to-end encryption, your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. All of this happens automatically: no need to turn on any special settings to secure your messages.
Product features to keep you safe
- Two-step verification: We recommend users to add an extra layer of security to their WhatsApp account by enabling a two-step verification feature which requires a six-digit PIN when resetting and verifying your WhatsApp account, in the event of your SIM card being stolen or your phone being compromised.
- Forward limits: We have set limits on forwarding messages, making us one of the few messaging services to intentionally constrain sharing. These labels help users identify forwarded messages and the number of times you can forward them. If a message has already been forwarded, you can forward it to up to five chats and if a message has a “forwarded many times” label, it can only be forwarded to one chat at a time. We have also introduced new group forwarding limits where messages that have the "forwarded label" can only be forwarded to one group at a time, rather than five.
- Control your online presence: For the moments you want to keep your online presence private, users can select who can and can’t see when you’re online.
- Block and report: Unlike traditional SMS, WhatsApp provides a simple way for users to block accounts and make reports to WhatsApp if they encounter problematic messages. We encourage users to report problematic contacts to us. In addition, we now provide the option for people to keep reported messages on their phone if they want to share them with fact checkers or law enforcement officials. Users can also now report accounts to WhatsApp by flagging a specific message. Users simply need to long press a message to either report or block a user.
- Disappearing messages: We have launched ‘Disappearing Messages’ to let users send messages that disappear from WhatsApp. Once enabled, new messages sent in the individual or group chat will disappear twenty-four hours, seven days or ninety days after the time they are sent, depending on the duration users select. We launched the feature 'View Once' - photos and videos that disappear from the chat after they’ve been opened, giving users even more control over their privacy. We have also enabled screenshot blocking for View Once messages for an added layer of protection.
- Group privacy settings: WhatsApp’s privacy settings and group invite system allow users to decide who can add them to groups. This significant change increases user privacy and helps prevent people from being added to unwanted groups.
- Leave groups silently: Users can exit a group privately without making it a big deal to everyone. Instead of notifying the full group when you are leaving a group, only the admins will be notified
- Admin controls: We have made a number of changes to WhatsApp groups that empower users with additional controls. We launched a setting that enables administrators to decide who can send messages within groups.
- End-to-end encrypted backup: Users can now add the same layer of end-to-end encryption to protect their chat backups on iCloud or Google Drive. With end-to-end encrypted backup, messages and media are stored in the cloud and secured by a password or a 64-digit encryption key.
Preventing abuse in India
WhatsApp has no direct visibility into the content of personal messages sent on our service. Hence, we rely on behavioural signals from accounts and available unencrypted information including user reports, profile photos, group photos and descriptions. We deploy a combination of security measures and processes to help keep our users safe. We apply spam detection technology to spot and take action on accounts engaging in abnormal behavior to stop spam. Additionally, we have built specific India-processes that help to prevent abuse on WhatsApp in India.
- Grievance Officer: We have a Grievance Officer based in India, who can be contacted if a user has a concern about their experience and is unable to report it through other channels. We continually work with government authorities to keep our users safe and provide a separate dedicated channel for requests by government and law enforcement authorities here to facilitate an expeditious and effective response.
- Monthly Reports: In compliance with IT Rules 2021, WhatsApp regularly releases its monthly report in India that highlights steps taken by us to ensure user safety on WhatsApp. The reports detail user complaints received and the corresponding action taken by WhatsApp, as well as WhatsApp’s own preventive actions to combat abuse on the platform. You can access the India Monthly Reports here.
WhatsApp has zero tolerance for child sexual abuse material (CSAM) and other sexual abuse material. WhatsApp relies on all available unencrypted information, including user reports, to detect and prevent this kind of abuse, and we are constantly improving our detection technology. We also report violating content and accounts to the National Center for Missing and Exploited Children (NCMEC), which refers these CyberTips to Law Enforcement globally and in India, specifically to the National Crime Records Bureau (“NCRB”).
Working with law enforcement
WhatsApp continues to work closely with law enforcement agencies and carefully reviews law enforcement requests based on applicable laws and our policies. In coordination with the Government of India we have provided law enforcement training on how to use WhatsApp as a resource in their community, respond to citizens on WhatsApp and make legal requests to WhatsApp in the process of investigating a crime. More information on the process can be found here.
We recognise that misinformation is a behavioural and societal scourge, hence we have devoted efforts to both, through product innovation and education, in order to empower users with resources that help them verify information.
- Fact checking within WhatsApp: In India, 10 fact checking organizations (as of April, 2023) help to provide users the service of verifying information through a WhatsApp bot. They are enabled through the WhatsApp API-platform solution and are accredited by the International Fact-Checking Network. IFCN's bot is a free of cost service. Users can save +1 (727) 2912606 as a contact number and text ,”Hi” to get a message or information validated. Alternatively, our users can click http://poy.nu/ifcnbot to access a global directory of fact-checking organizations.
- Public Education Campaigns: We encourage users to think about the messages they receive and verify the facts via official trusted sources. WhatsApp has launched large-scale education campaigns to help address misinformation in several countries, including our campaign 'Share Joy, Not Rumours'. We built on this multi-year campaign by launching our second campaign named ‘Check it before you share it’. to remind users to always double-check facts before forwarding a message.
- Supporting safe elections: WhatsApp has set up a high priority channel with Election Commission of India (ECI) as part of an industry initiative and observes the voluntary code of ethics with a view to assist ECI in conducting free and transparent elections. WhatsApp maintains regular engagements with ECI officials to keep them updated on the approach to Indian elections and to discuss methods of working together more effectively.Additionally, political parties are trained ahead of all elections to promote an understanding of the importance of using WhatsApp responsibly. The training cautions party-workers that their accounts could become banned if they send WhatsApp messages to users without prior user-consent.
Promoting cybersecurity and safety best practices
- Sharing verification codes: To protect user privacy, WhatsApp recommends not sharing a verification code with unknown third parties. For example, if a user receives a message requesting their verification code in exchange for a reward or special offer (via SMS or other means), users are recommended to be mindful that the sender could be a bad actor trying to access and subsequently compromise the said account, such as by impersonation or through other scams.
- Impersonation: A bad actor who gains access to a user's account would compromise the account, such as by misusing the victim's display picture or posing as the victim to message their contacts with requests for money. Alternatively, the bad actor may access a user’s contacts information to impersonate the victim's contacts, messaging the victim themself with requests for money or assistance.We strongly recommend carefully scrutinizing messages that request sensitive information, money, or other assistance, even if those messages initially appear to have been sent from known contacts. In such circumstances, it is best to verify that the message was in fact sent from someone known (for example, by calling the contact and asking them if they've sent the request). Activating two-step verification will safeguard your account against phishing attacks and takeover attempts by scammers.
- Other scams: Users may receive messages on any app with details of a windfall gain, job offer, quick money scheme, among others. Let your better judgment prevail and carefully scrutinize such ‘windfall’ messages as they could be scams. Block and report such senders without interacting further.
Clarifications and helpful information
- Chat storage:
- The end-to-end encryption technology used by WhatsApp helps to keep conversations private between a sender and a receiver for all personal messages in transit within WhatsApp to help protect against WhatsApp and third parties from reading them.
- In the ordinary course of providing our service, WhatsApp does not store messages once they are delivered or transaction logs of such delivered messages. Undelivered messages are deleted from our servers after 30 days.
- However, when a message reaches a user, the user’s device may have default storage options that may automatically store the user’s data.
- We encourage users to take advantage of all the security features provided by their device’s operating systems (OS) such as strong passwords or other security features to prevent unwanted persons (including potential bad actors) from accessing any content stored on their device.
- Users may also have subscribed to third-party data backup services (like iCloud or Google Drive), which store information such as the user’s SMS, emails, or messages, etc. Whenever such services are deployed, the third party’s terms and privacy policies govern the use of the services, apps and products that they provide to a user.
- Additionally, there may be situations when a user provides physical access to their device to external parties. This could lead to others compromising the user’s data, for example by viewing or capturing screenshots of chats, listening to or making recordings of calls.
- Some people erroneously assume that it is possible for WhatsApp to identify the originator of a message, while still keeping end-to-end encryption intact. This is not possible.
- Requiring messaging apps to “trace” chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermine the privacy of our users’ personal conversations on WhatsApp. You can find more information on how traceability effectively breaks end-to-end encryption here.
- Some others mistakenly assume that if WhatsApp can enable a forward limit on a message, then it also knows the content of such a message, including its originator. This is not true. The counting of message forwards occurs on users’ devices rather than occurring on WhatsApp servers, and is protected by end-to-end encryption, which means only the sender’s device and the recipient's device have access to it.