WhatsApp Profile Photo Leakage Bug

WhatsApp Share Screen Profile Screen.

Download Link of my WhatsApp Profile Stealer App POC : https://drive.google.com/open?id=1cdFcGx7-EQSk1MtUEiCXQqfGy3uNzVVw

Telegram Invite Link for WhatsApp Profile Stealer POC :https://telegram.me/whatsappprofile

It’s a critical vulnerability ,Privacy Details(Profile Picture) of user is disclosed to a 3rd party App without user’s knowledge.Think of an App in PlayStore with more than 100M+ downloads which needs Storage Access(I don’t want to name any obviously),This App can possibly create a database of WhatsApp User’s Profile Pictures ,No matter What their Profile Visibility Settings are-.

If the App also takes Mobile No of User during regisration ,It can easily Map a phone number of User to Exact WhatsApp Profile Picture.(A lot of E-Commerce,online delivery,Cab Booking Apps need your mobile no during registration).

Facebook and my replies to the bug first time
Facebook and my repiles for second time for the same bug

Download Link of my WhatsApp Profile Stealer App POC : https://drive.google.com/open?id=1cdFcGx7-EQSk1MtUEiCXQqfGy3uNzVVw

Telegram Invite Link for WhatsApp Profile Stealer POC :https://telegram.me/whatsappprofile

To Be More Secure and If you care about Privacy and your Profile Picture and Don’t want your Profile Pictures to be leaked randomly online ,Then Just Don’t use the Share Button on The Profile Section of Your WhatsApp Profile Picture.

Click here To Buy Me A Cofee(Small Donation)
Click here to Donate or support the writer .
Click here to Donate or support the writer using PayPal
Click here to Donate or support the writer using PayPal

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store