Google’s indexing of WhatsApp numbers raises privacy concerns

Earlier this year, Bleeping Computer reported how invite links to private groups of messaging apps like WhatsApp and Telegram were visible on Google, letting anyone join the groups. This week, security researcher Athul Jayaram highlighted an issue with WhatsApp’s “wa.me” domain “leaking” contact phone numbers on Google. As stated by Jayaram and confirmed by BleepingComputer, there is no “robots.txt” file on “wa.me” or “api.whatsapp.com” domains that instructs search engines not to crawl phone numbers on the website.

As a result, the links which start with “https://wa.me/” get indexed by Google and other search engines and appear in search results. When clicked, these links redirect to an “api.whatsapp.com” page enabling a user to “continue chat” with the WhatsApp user. While this could be a potential privacy issue, especially if spammers can get their hands on legitimate WhatsApp numbers being indexed by Google and text you directly on WhatsApp, this isn’t necessarily a bug.

As a test, I created the fake http://wa.me/11111 link using a fake phone number.

Source: bleepingcomputer.com