WhatsApp has an ‘Invite to Group via Link’ feature that lets an admin invite other people to join a group chat by sending over an invite link. But it appears that Google is indexing those invite links, leaving private group chats exposed to anyone who stumbles upon the invite links with a random keyword search.

App reverse-engineer, Jane Manchun Wong, tweeted that Google has indexed around 470,000 WhatsApp group invite links. A simple keyword search by using the “chat.whatsapp.com” URL extension will reportedly let random people discover a WhatsApp group chat without ever being invited to join it.

We were able to independently verify that this frightening vulnerability is very real, and it let us join a random WhatsApp group by using an indexed link with relative ease. Regarding the grave privacy issue, here’s what a WhatsApp spokesperson was quoted as saying:

Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.

It appears that the only way to keep group chats private is by invalidating the older invite link. Group admins should generate a new invite link to their WhatsApp group, because doing so will automatically invalidate the older one that has been indexed by Google. But as per multimedia journalist Jordan Wildon, there is no way to fully disable a group invite link that is now in public domain.

You May Also Like
Microsoft’s Defender ATP antivirus app for Android is now out in Preview
The Microsoft Defender ATP for Android will offer protection against phishing attacks, unsafe network connections from apps, websites, and malicious apps.
Apple WWDC 2020
Here’s everything we saw today during Apple’s WWDC 2020
Take a look at everything that was announced today during Apple’s WWDC 2020