Ensuring User Safety in India on WhatsApp
WhatsApp is an industry leader among end-to-end encrypted messaging services in preventing abuse and promoting online security. At WhatsApp, the safety of our users is at the core of everything we do. With more than 400 million Indians using WhatsApp to have private conversations with friends and family, we remain deeply committed to keeping our users safe online.
WhatsApp has made significant product changes to help enhance security and privacy. Besides continuous product innovations, over the years we have also consistently invested in state-of-the-art technology, artificial intelligence, data scientists, experts, and in processes, to support user safety.
The private nature of WhatsApp
Privacy and security is in our DNA, which is why we built end-to-end encryption into our app in 2016. When end-to-end encrypted, your messages, photos, videos, voice messages, documents, status updates and calls are secured to help protect them from falling into the wrong hands.
End-to-end encryption helps ensure only you and the person you're communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp. This is because with end-to-end encryption, your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. All of this happens automatically: no need to turn on any special settings to secure your messages.
Product features to keep you safe
- Two-Step verification: We recommend users to add an extra layer of security to their WhatsApp account by enabling a Two-Step Verification feature which requires a six-digit PIN when resetting and verifying your WhatsApp account, in the event of your SIM card being stolen or your phone being compromised.
- Forward limits: We have set a limit on forwarding messages to just five chats at once, making WhatsApp one of the few messaging services to intentionally constrain sharing. This has reduced the number of forwarded messages on WhatsApp in India by over 25%. This counting of forwards occurs on users’ devices and is protected by end-to-end encryption which means only the sender’s device and the recipient's device have access to it.
- Additional limits for viral messages: We have set additional limits for forwards that have been forwarded many times. These messages are marked with double arrows and labeled as “Forwarded many times” to indicate they did not originate from a close contact and can only be forwarded to one other chat at a time. This change reduced these kinds of messages by over 70%.
- Block and report: Unlike traditional SMS, WhatsApp provides a simple way for users to block accounts and make reports to WhatsApp if they encounter problematic messages. We encourage users to report problematic contacts to us. In addition, we now provide the option for people to keep reported messages on their phone if they want to share them with fact checkers or law enforcement officials.
- Message level reporting: Users can now report accounts to WhatsApp by flagging a specific message. Users simply need to long press a message to either report or block a user.
- Disappearing messages: We have launched ‘Disappearing Messages’ to let users send messages that disappear from WhatsApp. Once enabled, new messages sent in the individual or group chat will disappear twenty-four hours, seven days or ninety days after the time they are sent, depending on the duration users select.
- View once: We launched the feature ‘View Once’ - photos and videos that disappear from the chat after they’ve been opened, giving users even more control over their privacy.
- Group privacy settings: WhatsApp’s privacy settings and group invite system allow users to decide who can add them to groups. This significant change increases user privacy and helps prevent people from being added to unwanted groups.
- Admin controls: We have made a number of changes to WhatsApp groups that empower users with additional controls. We launched a setting that enables administrators to decide who can send messages within groups.
- Flash calls: New Android users opting for WhatsApp and users re-installing WhatsApp on an Android phone (such as one who is changing phone handsets), now have the option to verify their phone number through an automated call, as opposed to an SMS message, if they’d like. This allows WhatsApp to call their device and verify automatically, eliminating the need for any other SMS verification action.
- End-to-end encrypted backup: Users can now add the same layer of end-to-end encryption to protect their chat backups on iCloud or Google Drive. With end-to-end encrypted backup, messages and media are stored in the cloud and secured by a password or a 64-digit encryption key.
Preventing abuse in India
WhatsApp has no direct visibility into the content of personal messages sent on our service. Hence, we rely on behavioural signals from accounts and available unencrypted information including user reports, profile photos, group photos and descriptions. We deploy a combination of security measures and processes to help keep our users safe. We apply spam detection technology to spot and take action on accounts engaging in abnormal behavior to stop spam. Additionally, we have built specific India-processes that help to prevent abuse on WhatsApp in India.
- Grievance Officer: We have a Grievance Officer. based in India, who can be contacted if a user has a concern about their experience and is unable to report it through other channels. We continually work with government authorities to keep our users safe and provide a separate dedicated channel for requests by government and law enforcement authorities here to facilitate an expeditious and effective response.
- Monthly Reports: In compliance with IT Rules 2021, WhatsApp regularly releases its monthly report in India that highlights steps taken by us to ensure user safety on WhatsApp. The reports detail user complaints received and the corresponding action taken by WhatsApp, as well as WhatsApp’s own preventive actions to combat abuse on the platform. You can access the India Monthly Reports here.
WhatsApp has zero tolerance for child sexual abuse material (CSAM) and other sexual abuse material. WhatsApp relies on all available unencrypted information, including user reports, to detect and prevent this kind of abuse, and we are constantly improving our detection technology. We also report violating content and accounts to the National Center for Missing and Exploited Children (NCMEC), which refers these CyberTips to Law Enforcement globally and in India, specifically to the National Crime Records Bureau (“NCRB”).
We recognise that misinformation is a behavioural and societal scourge, hence we have devoted efforts to both, through product innovation and education, in order to empower users with resources that help them verify information.
- Fact checking within WhatsApp: In India, 10 fact checking organizations (as of February, 2022) help to provide users the service of verifying information through a WhatsApp bot. They are enabled through the WhatsApp API-platform solution and are accredited by the International Fact-Checking Network. IFCN's bot is a free of cost service. Users can save +1 (727) 2912606 as a contact number and text ,”Hi” to get a message or information validated. Alternatively, our users can click http://poy.nu/ifcnbot to access a global directory of fact-checking organizations.
- Public Education Campaigns: We encourage users to think about the messages they receive and verify the facts via official trusted sources. WhatsApp has launched large-scale education campaigns to help address misinformation in several countries, including our campaign 'Share Joy, Not Rumours'. We built on this multi-year campaign by launching our second campaign named ‘Check it before you share it’. to remind users to always double-check facts before forwarding a message.
- Supporting safe elections: In 2019, WhatsApp set up a high priority channel with Election Commission of India (ECI) as part of an industry initiative and observes the voluntary code of ethics with a view to assist ECI in conducting free and transparent elections. WhatsApp maintains regular engagements with ECI officials to keep them updated on the approach to Indian elections and to discuss methods of working together more effectively.Additionally, political parties are trained ahead of all elections to promote an understanding of the importance of using WhatsApp responsibly. The training cautions party-workers that their accounts could become banned if they send WhatsApp messages to users without prior user-consent.
Promoting cybersecurity to safeguard you against scams, spams and impersonation
- Sharing Account One-Time Password (OTP): To protect user privacy, WhatsApp recommends not sharing an OTP with unknown third parties. For example, if a user receives a message requesting their OTP in exchange for a reward or special offer (via SMS or other means), users are recommended to be mindful that the sender could be a bad actor trying to access and subsequently compromise the said account, such as by impersonation or through other scams.
- A bad actor who gains access to a user’s account could compromise the account, such as by misusing their display picture or messaging their contacts. Additionally, the bad actor with access to the user’s contacts might also use the information to impersonate the user’s contacts, messaging the victim themselves with requests for information or other assistance.
- We strongly recommend carefully scrutinizing messages that request sensitive information, money or other assistance, even if those messages initially appear to have been sent from known contacts. In such circumstances, it is best to verify that the message was in fact sent from someone known (for example, calling the contact who is the apparent sender and asking them if they’ve sent the request). Take appropriate action, only after you ascertain facts.
- A bad actor who gains access to a user's account could also reach out to any of the user’s contacts asking for money while posing as them, without their knowledge.
- Beware that such impersonation is often carried out by fraudsters and users can protect their accounts by enabling Two-Step Verification. on WhatsApp to keep accounts safe.
- Other scams: Users may receive messages on any app with details of a windfall gain, job offer, quick money scheme, among others. Let your better judgment prevail and carefully scrutinize such ‘windfall’ messages as they could be scams. Block and Report such senders without interacting further.
Clarifications and helpful information
- Chat leaks:
- The end-to-end encryption technology used by WhatsApp helps to keep conversations private between a sender and a receiver for all personal messages in transit within WhatsApp to help protect against WhatsApp and third parties from reading them.
- In the ordinary course of providing our service, WhatsApp does not store messages once they are delivered or transaction logs of such delivered messages. Undelivered messages are deleted from our servers after 30 days.
- However, when a message reaches a user, the user’s device may have default storage options that may automatically store the user’s data.
- We encourage users to take advantage of all the security features provided by their device’s operating systems (OS) such as strong passwords or other security features to prevent unwanted persons (including potential bad actors) from accessing any content stored on their device.
- Users may also have subscribed to third-party data backup services (like iCloud or Google Drive), which store information such as the user’s SMS, emails, or messages, etc. Whenever such services are deployed, the third party’s terms and privacy policies govern the use of the services, apps and products that they provide to a user.
- Additionally, there may be situations when a user provides physical access to their device to external parties. This could lead to others compromising the user’s data, for example by viewing or capturing screenshots of chats, listening to or making recordings of calls.
- Some people erroneously assume that it is possible for WhatsApp to identify the originator of a message, while still keeping end-to-end encryption intact. This is not possible.
- Requiring messaging apps to “trace” chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermine the privacy of our users’ personal conversations on WhatsApp. You can find more information on how traceability effectively breaks end-to-end encryption here.
Working with Law enforcement
WhatsApp continues to work closely with Law Enforcement agencies and carefully reviews law enforcement requests based on applicable laws and our policies. In coordination with the Government of India we have provided law enforcement training on how to use WhatsApp as a resource in their community, respond to citizens on WhatsApp and make legal requests to WhatsApp in the process of investigating a crime. More information on the process can be found here.