Best Cool Whatsapp Status For Girlfriend or Boy Friend

You might think, well it’s a contact of mine, I willing to let him know that. But again, there is a catch: these events valentines day whatsapp status, can be followed by everyone on WhatsApp.

So back to “What is WhatsSpy Public”. Well it’s just a Proof of Concept of how broken this design actually is. It acts like a normal WhatsApp application to the servers of WhatsApp. But once logged valentines day status in it starts doing other things.

The message “online” mentioned above is in fact a subscriber service (you tell the server you want any updates about the offline or online status of this person and the server sends updates if they occur). This subscription system is not limited to one person either. You can basically try to subscribe to all WhatsApp users out there in the world, and WhatsApp should just happily return this information. Not that my Proof of Concept could handle it, it’s just to give the WhatsApp user some insight of what is actually is going on.

If not done already, some random person could just try to subscribe to all WhatsApp users and retrieve their online/offline status meanwhile a lot of WhatsApp users (like myself) would thought my privacy was protected by these options! Imagine selling this information for marketing purposes, this just creeps me out. I don’t want to retrieve a coupon on some drug that makes me sleep better, definitely not from some stranger (beside WhatsApp themselves)!

Of course privacy is already a heavily discussed topic at Facebook and WhatsApp, but now when a complete stranger can know when I wake up is going way too far if you ask me…

How does WhatsSpy Public work?

As told before, WhatsSpy Public acts like a WhatsApp clients to the WhatsApp servers. But once logged in it starts doing privacy invasive things. By abusing the protocol it listens for any updates from any users you added to WhatsSpy Public. This is a problem by design and need to be fixed.

WhatsSpy Public is in fact a regular web-application (it runs on a server or “the cloud”) and the tracker itself is just a PHP (programming language) based script.

The requirements mention a jailbroken iPhone, rooted Android phone, or using WART but this is just to retrieve a secret code used in WhatsApp to communicate between the client (your application on your phone) and the server (somewhere in a big data center). This secret links a phonenumber to an WhatsApp client. This secret code is used in WhatsSpy public to act like it’s a normal WhatsApp client. This iPhone or Android phone needs to be jailbroken/rooted because you need the secret which is stored at a safe location, protected by the Operating System (iOS, Android).

As a programmer with some knowledge of PHP (programming language) and PostgreSQL (database in which you store things) you can set up WhatsSpy Public in a matter of minutes. Imagine the following activities (just to give you an idea):

Retrieving the secret from your mobile phone or WART (10 minutes).

Installing WhatsSpy Public on your server (20 minutes).

Setting up the database (5 minutes).

Adding users (5 minutes).

Starting the tracker (5 minutes).

In the "getting started" is also mentioned that you need a second WhatsApp account. The primary reason for this requirement is because you cannot use both the tracker and the WhatsApp application on your phone at the same time. In this case there is a chance that messages will be sent to the tracker and because WhatsApp only sends messages once they will be gone.