WHATSAPP leaks user metadata to attackers by revealing device fingerprints and timing information that can help an observer infer a user’s online habits, such as whether they are online or active, even if the content remains encrypted. The piece centres on Be’ery, cofounder and CTO of Zengo, who designed a jerry-rigged program to plug into WhatsApp and exploit this metadata, a finding he presented at Black Hat Asia 2026.
Be’ery says that such metadata can help attackers tailor and time phishing or other attacks, and that fingerprinting can reveal what kinds of devices a victim uses, potentially aiding surveillance or targeted campaigns. The report notes that WhatsApp’s end-to-end encryption does not prevent metadata leakage, and that WhatsApp has responded by introducing mitigations and features like Silence Unknown Callers, while continuing to adjust various message-type behaviours.
In 2024 Austrian researchers described methods to send application-layer messages that don’t appear on a victim’s device, enabling silent pings that could be used to map activity, a precursor to the patterns discussed in the Black Hat presentation. Dark Reading contacted WhatsApp for comment, with the company confirming the findings and alluding to mitigations under development. 20 April 2026.