The Government of India will examine an alleged breach of privacy involving WhatsApp and might consider weaving safeguards into the Digital Personal Data Protection Bill that is in the works. This is in response to a Twitter engineer’s claim that the messaging app accessed the microphone of his smartphone when it was not in use.
Meta, Facebook’s parent company, owns WhatsApp, which has an estimated 500 million users in India. The messaging app was already at the centre of a debate about scam calls from overseas phone numbers to Indian users.
“This is an unacceptable breach n violation of #Privacy We will be examinig this immdtly and will act on any violation of privacy even as new Digital Personal Data protection bill #DPDP is being readied (sic),” Rajeev Chandrasekhar, Union Minister of State for Entrepreneurship, Skill Development, Electronics & Technology, said in a tweet Wednesday morning.
This was a quote-tweet in response to Foad Dabiri (@foaddabiri), an engineer with Twitter, who had alleged in a tweet on May 6 that WhatsApp had been using his phone’s microphone in the background while he was asleep. “What’s going on?” Dabiri asked, and attached a screenshot of nine alerts indicating microphone usage by WhatsApp throughout the night on his phone, a Pixel 7 Pro by Google, which runs on the Android operating system.
Not surprisingly, perhaps, Elon Musk, the new owner of Twitter, waded into the debate. Quoting Dabiri’s post, Musk tweeted: “WhatsApp cannot be trusted.”
WhatsApp, in response to Chandrasekhar on Twitter, said the issue was with Android. “We believe this is a bug on Android that mis-attributes information in their Privacy Dashboard and have asked Google to investigate and remediate,” it said.
WhatsApp went on to add that users had full control over their microphone settings. “Once granted permission, WhatsApp only accesses the mic when a user is making a call or recording a voice note or video -- and even then, these communications are protected by end-to-end encryption so WhatsApp cannot hear them,” it said.
A Google spokesperson said in a statement to the media: "We are aware of the issue and are working closely with WhatsApp to investigate.”
There have been allegations in the past as well about WhatsApp’s privacy mechanisms. In 2022, ethical hackers claimed that a chunk of the personal information of WhatsApp users had been stolen and found its way into the dark web – the encrypted part of the internet that is not indexed by conventional search engines. WhatsApp had denied the hackers’ claim.
The proposed Digital Personal Data Protection Bill provides for penalties of up to Rs 250 crore on data fiduciaries for failing to prevent personal data breaches. It also requires the fiduciaries to take clear and informed consent from users before collecting personal data.
The current laws, such as the Information Technology Act, 2000 and IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, have several obligations for online intermediaries with more than 5 million users. Section 43A of the IT Act provides that the platforms could be liable to pay compensation to the affected person in case of negligence.
Section 72A provides for punishment for intentionally or knowingly disclosing personal information relating to a person that was acquired for providing services under a lawful contract, without the consent of the person concerned or in breach of a lawful contract.