SC Magazine: Security consultant Bas Bosschert picked up on the flaw in a blog post on Tuesday, where he detailed how WhatsApp – which was acquired by Facebook for US$16 billion last month – saves private messages onto the phone or tablet’s Secure Digital (SD) card, which could be intercepted if the developer of another Android application asks the user to permission to access the SD card when downloading the app.
This is a common practice for most mobile applications, across Android, iOS and Windows, with permissions often including access to SMS messages, the phone’s contact book or to cellular data.