Data is sent for storage on WhatsApp's servers

Oct 27, 2015 13:29 GMT

A recently published study analyzed how WhatsApp's internal protocol functions, and revealed that personal information regarding phone numbers and call duration is collected and stored on WhatsApp's server.

To be fair, WhatsApp never claimed to be an anonymous calling service, but the study does reveal the intricate details that power its communication systems.

The study, carried out by F. Karpisek of Brno University of Technology in the Czech Republic, and Ibrahim (Abe) Baggili and Frank Breitinger, co-directors of the Cyber Forensics Research & Education Group at the University of New Haven, focuses on the FunXMPP protocol used by WhatsApp, a variation of XMPP (Extensible Messaging and Presence Protocol), which is a protocol also used by Google for its GTalk service.

By analyzing messages exchanged between an Android phone and the WhatsApp servers using a tool specifically built for this task, researchers were able to break down the communications protocol, and see what's happening inside.

Researchers analyzed the network communication protocol behind WhatsApp

According to their findings, for each voice call initiated, WhatsApp first went through an authentication process that validated the users participating in the conversation, then set up a communications channel using the Opus codec at 8 or 16 kHz, and established the call's relay servers and the IP addresses of the two endpoints participating in the call.

Besides all these technical details, by sniffing the network traffic of test calls, researchers were able to determine that WhatsApp sent call metadata to its servers. This included phone numbers, timestamps, call duration, and the audio codec type used for the call.

While the researchers sounded the alarm on a possible privacy intrusion that may arise from storing this type of data on remote servers, the WhatsApp protocol was not analyzed in any other way (for security holes).

“This tool [used to break down the protocol] may be useful for deeper analysis of the WhatsApp protocol,” wrote the authors, urging other scientists to “analyze the network traffic of other popular messaging applications so that the forensic community can gain a better understanding of the forensically relevant artifacts that may be extracted from the network traffic, and not only the data stored on the devices.”