WhatsApp might introduce fingerprint authentication — But should you really trust Facebook with your biometrics?

WhatsApp might introduce fingerprint authentication — But should you really trust Facebook with your biometrics?

  • WhatsApp rolled out fingerprint authentication on its beta app implying that it plans to roll out the feature for all WhatsApp users sometime soon in the future.
  • Research and events suggest that fingerprints have become as easy to steal as passwords, provided you know how.
  • Facebook, WhatsApp’s parent company, has faced its fair share of data breaches making users question the social network’s privacy and security.
Most users that own a smartphone, use WhatsApp for all of their messaging requirements. The Facebook-owned messaging platform now has plans to roll out fingerprint authentication for in its Android 2.19.3 update.

What’s concerning is that the new update, if unable to detect your fingerprint, will allow the device to tap into the fingerprint credentials stored on your phone — albeit after your consent.

It may sound like the process is being made more ‘convenient’ but it essentially means that WhatsApp will be picking up your biometric data from your phone.

While WhatsApp has a done a good job of standing up to the Indian government by refusing to give out user data because of its end-to-end encryption, its parent company — Facebook — hasn’t been that lucky having to face a US Congressional Committee. Even India is considering new regulations that will allow it to ask technology companies like WhatsApp to break end-to-end encryption in an attempt to filter out ‘unlawful content’.

Even that was subtly put to rest when WhatsApp’s data backup shifted to cloud, no longer necessitating end-to-end encryption of communication.

More security or more vulnerability

The fingerprint authentication feature is being presented as an extra layer of security on WhatsApp accounts. And, in its simplest definition, it is.

But just like you trust a bank when you deposit your money, you have to trust WhatsApp when sharing any more information about your identity than you already do.

And, at the end of day, it’s not WhatsApp that seems to be the issue but the fact that it’s owned by Facebook — a fact many forget as they claim to block Facebook on their phones and shut down their accounts.

Data collection is a reality of the 21st century yet its implications have never been fully embraced. Not to mention that fingerprints have become as easy to steal as passwords.

Logic states that your fingerprint is unique to you. So when you try to use them to log in anywhere, the computer knows that it’s you trying to gain access. But it’s only unique as long as nobody else manages to make a copy.

In 2014, hackers working for the Chinese government and made off with the personal data of more than 22 million Americans from the Office of Personnel Management — 5.6 million of those people had their fingerprints on file.

Researchers at the Michigan State University were able to print out fake 3D fingerprints for less than $500. More tech-savvy researcher in Tokyo were able to reconstruct a fingerprint based on somebody posing with the ‘peace sign’ fingers on a photo taken from a distance of nine feet.

Michigan State University’s Philip Bontrager told USA Today, “These experiments demonstrate the need for multi-factor authentication and should be a wake-up call for device manufacturers about the implications of artificial fingerprint attacks.”

Facebook has been facing privacy issues since 2003 and is under pressure to prove its credibility as the world’s waits to see whether it upholds the standards set by Europe’s General Data Protection Regulation (GDPR).

Facebook’s trifles with privacy started out by leaking user data to online advertisers to help them understand their consumers — seemingly innocent in retrospect. By 2015, it escalated to a point where the company didn’t even know, until the scandal was exposed, that third-party apps were taking user data without consent.

Trusting anyone with your biometrics data, regardless of whether it’s WhatsApp or Aadhaar, should only be done once a person understand the full extent of the risk so that they won’t be caught off guard in case something should go wrong. India’s Supreme Court also recently clamped down in the use of private biometric Aadhaar data by private companies.

“Once you share them on social media, then they’re gone,” Isao Echizen told the Financial Times.

Either way, third-party locking apps will have some intense competition down the road once the feature officially rolls out on Android and iOS devices.

See also:
WhatsApp data may shift to the cloud, but may no longer be as encrypted

WhatsApp challenged over 'irresponsible' use after the app is used to fuel mass mob lynchings in India

Indian government wants to tap into your WhatsApp messages, other social media