Controversy broke when a report on Friday revealed Google had indexed invite links to private WhatsApp group chats, meaning anyone could join various private chat groups (including several porn-sharing groups) with a simple search. Google appears to have since modified the search results to stop the invite links from being shown.
According to a report in Motherboard, invitations to WhatsApp group chats were being indexed by Google. Gadgets 360 was able to independently verify the existence of indexed invite links to private WhatsApp groups by searching for “site:chat.whatsapp.com” in Google after the report broke. In the hours following the report, however, Google appears to have stopped showing results for that search, instead returning the message “Your search – site:chat.whatsapp.com – did not match any documents.” We’ve reached out to Google to comment on the removal.
The vulnerability of chat invite links has long been discussed: if a publicly shareable link gets into the wrong hands, anyone who holds it can enter the group.
The Motherboard team found private groups using specific Google searches, and even joined a group intended for NGOs accredited by the UN, where it had access to all the participants and their phone numbers.
Journalist Jordan Wildon said on Twitter that he discovered that WhatsApp’s “Invite to Group Link” feature lets Google index groups, making them available across the internet since the links are being shared outside of WhatsApp’s secure private messaging service.
“Your WhatsApp groups may not be as secure as you think they are,” Wildon tweeted on Friday, adding that using particular Google searches, people can discover links to the chats.
According to app reverse-engineer Jane Wong, Google has around 470,000 results for a simple search of “site:chat.whatsapp.com”, part of the URL that makes up invites to WhatsApp groups.
WhatsApp spokesperson Alison Bonny said: “Like all content that is shared in searchable public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users.”
“The links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website,” Bonny told The Verge.
Danny Sullivan, Google’s public search liaison, tweeted: “Search engines like Google & others list pages from the open web. That’s what’s happening here. It’s no different than any case where a site allows URLs to be publicly listed. We do offer tools allowing sites to block content being listed in our results.”