←back to thread

Google can now read your WhatsApp messages

(www.neowin.net)
469 points bundie | 9 comments | 08 Jul 25 16:11 UTC | HN request time: 0.867s | source | bottom
1. bsaul ◴[08 Jul 25 16:57 UTC] No.44501820[source]
how does this work ? Aren't the whatsapp data encrypted locally ?
replies(4): >>44501930 #>>44502057 #>>44502068 #>>44502213 #
2. inerte ◴[08 Jul 25 17:07 UTC] No.44501930[source]
Screen reader?
replies(2): >>44502086 #>>44505680 #
3. jazzyjackson ◴[08 Jul 25 17:20 UTC] No.44502057[source]
yes WhatsApp messages are stored in an encrypted sqlite database.

I'm not an android dev so I'm not positive about this but I expect whatsapp is shipping their app with "App Actions" interface giving the assisstant certain actions it can perform, so this is not wholesale database access. See [0]

App Actions extend your in-app functionality to Assistant, enabling users to access your app's features by voice. When a user invokes an App Action, Assistant matches the query to a BII declared in your shortcuts.xml resource, launching your app at the requested screen or displaying an Android widget.

You declare BIIs in your app using Android capability elements. When you upload your app using the Google Play console, Google registers the capabilities declared in your app and makes them available for users to access from Assistant.

https://developer.android.com/develop/devices/assistant/over...

4. pkilgore ◴[08 Jul 25 17:21 UTC] No.44502068[source]
You have to unencrypt data to process it and as soon as you do that, the right Kernel APIs are enough to see whatever you want -- here the accessibility APIs are probably enough to read any text you would be able to read.
replies(1): >>44502390 #
5. bsaul ◴[08 Jul 25 17:22 UTC] No.44502086[source]
oh ok, didn't understand that it was working over a screen capture stream... thanks !
6. bonoboTP ◴[08 Jul 25 17:35 UTC] No.44502213[source]
If Android can render the messages, Google must have a way to access them.
7. bsaul ◴[08 Jul 25 17:54 UTC] No.44502390[source]
another person in the thread suggests it's working over a screen capture stream. But that's what i'm wondering : are they working over a video of the screen or by integrating directly with the internals of the OS.
replies(1): >>44502562 #
8. jadamson ◴[08 Jul 25 18:15 UTC] No.44502562{3}[source]
The more likely candidate is reading notifications, no?
9. hnburnsy ◴[09 Jul 25 02:00 UTC] No.44505680[source]
Android Accessibility Service

https://developer.android.com/guide/topics/ui/accessibility/...

>Devices running Android 8.0 (API level 26) and higher include several text-processing features that make it easier for accessibility services to identify and operate on specific units of text that appear on screen.