The software exploits a ‘design flaw’ in the messaging service’s optional status feature which lets other users know whether someone is online or offline.
It enables a user’s status to be tracked, and also monitors changes to profile pictures, privacy settings or status messages for any user, even if they have the strictest privacy option.
When a Whatsapp user disables settings such as ‘last seen’, other users still get notified that their online if they are in a WhatsApp conversation with them.
Dutch developer Maikel Zweerink created the software after he noticed the discrepancy. He says the ‘proof of concept’ is designed to draw attention to the flaw.
Once downloaded, the software reveals a timeline of the online status of a tracked user and can compare this to another tracked user.
‘The privacy options in Whatsapp act like they give you full control over your status in Whatsapp meanwhile they only affect a very limited scope,’ Mr Zweerink writes on his blog.
‘Sure, the last seen, profile picture and status options do work, but probably not as the user intended it to.
‘The ability for a complete stranger to follow your in-app status is pretty creepy and might be abused already. This is not a “hack” or “exploit” but it’s broken by design.’
WhatsSpy Public only works on specific devices, such as a jail broken iPhone or a rooted Android, and requires some technical knowledge.
WhatsApp, owned by Facebook, is one of the most popular mobile messaging app, with 700 million monthly active users sending more than 30 billion messages per day.
This story was written by Ellie Zolfagharifard.
Send us your stories at email@example.com