WhatsApp security has been always in question since its beginning. I babbled many times to friends about it but people are so crazy about it that they are ready to give up on their social security. There have been many reported WiFi hack, Contacts hack, Plain and picture message hacks etc. Now, this WhatsApp profile picture hack is not new but I want to show people how to do it. Only then people might start taking it seriously.
So, what is the profile picture hack? As per WhatsApp terms, people are not allowed to store or copy any individual’s profile picture or group photo. As from the screenshot, it is clear that there is no option to save it when you see it. However, you will be amazed to know that this application itself stores it in memory card of the phone.
Now, what you have to do is just click the Group or Person’s name to view its profile. Then click on the profile picture and wait it to get loaded.
Press back and come out of the application. Connect your phone to either PC or use a file explorer on cell phone to find this folder path;
MemoryCard Drive/WhatsApp/Profile Pictures
You will find the same profile picture there which can be copied to another location. Profile picture will have the person’s mobile number as filename. Just copy this to another location on your memory card. The filename is constant as mobile number so the profile picture changes when the user changes it. You won’t be able to get a previous profile picture.
If it’s stored on Memory card why I never saw this in Gallery? How people don’t come to know this?
Simple. If you look into the folder above ‘Profile Pictures’; there is a file called “.nomedia”. This is a blank file. Only use of this file is to tell Android system and applications like Media players etc. not to scan that folder for any kind of media. This is very old method to hide pictures from Gallery etc. Shame that such simple and useless trick is used by WhatsApp to provide security.
So, ok. What’s at stake here? Your privacy. How? All are my friends! Wrong!
Remember WhatsApp work on the basis of phone number. What, if you called an unknown person an year ago e.g. Any agent or broker and he/she saved your number. Now he/she is able to look your profile and thus get your so called personal profile picture. I don’t think you want in the hands of some unknown crazy. Problem! Right?
Ah.. Just that? I don’t care. Bad news people. You should!
There are many adults and bad sites which uses new and fresh pictures for their ads and promotion. You may notice that many of them are taken or cropped out from some profile picture. This is becoming easier option for bad sites as they save money on models etc. I am sure you don’t want your photo on some sleazy site saying ” Become My Friend! Click On Me!”. Lol! Think about it.
What can you do?
1. Don’t use WhatsApp. Lol! That would make me an enemy of many. Totally impractical suggestion.
2. Select your profile picture carefully. You can’t control the fact that who saves your number.
2. Use Block feature. Not totally effective for privacy but a pretty good feature. After blocking a person, any changes or new profile pictures will be unavailable to him/her. Remember you can only block a person if he/she is in your contact or messaged you directly.
What application developer can do?
1. Stop WhatsApp. Lol! One more useless idea.
2. Image Sprites! I will just say that. Devs know what can be done. Not completely unbreakable but may limit people.
3. How about encrypted pictures which can only be seen inside the application. We already have the key-pair kind of things.
4. Easiest one I could think of. Don’t store it. Make it real time and make it load every time. Will increase data usage though. Not good from a user perspective.
5. This one is the best one I can think of. Notification and permission requirement. When a user click the picture, a notification will go to the user and ask for permissions before opening it in full screen.
So, that is all. Last question: “I always choose my social sharing carefully. Do you?”
P.S: Don’t comment or mail me for any hacks. Articles like this are for awareness and education purpose. I don’t do things to invade privacy. I will not make any hack public until I don’t think I should.