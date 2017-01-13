Experts said the findings were”serious” and “alarming” at a time when governments are looking for ways to bypass encryption, and criticised the company for violating users’ privacy.

“The potential for government abuses from this misuse of encryption with WhatsApp is alarming,” said Kevin Bocek, chief cyber security strategist at Venafi. “This is a serious vulnerability.”

Bocek urged companies to put systems in place that protect cryptographic keys quickly when needed. “This is critical at a time when governments worldwide are attempting to break down and intrude on the use of encryption to protect privacy, a basic right for people worldwide.”

WhatsApp said it implemented the backdoor to make it easier for users, with the most common reason for security codes changing being when a user switches their device or re-installs the app.

“In many parts of the world, people frequently change devices and Sim cards,” the company said. “In these situations, we want to make sure people’s messages are delivered, not lost in transit.”

WhatsApp did not comment on whether the flaw had been used to assist law enforcement and government agencies, deferring media to Facebook’s Transparency Report.

How to protect your messages

WhatsApp users can alter their settings to receive an alert whenever there is a change made to encryption. This means that they would get a notification if one of their messages was redirected to a device with a different key. To set up encryption warnings go to Settings -> Account -> Security -> Turn on Show security notifications.

Another option is to use other messaging apps that boast more secure encryption, such as Signal.