How WhatsApp Reduces Spam Without Even Reading Your Encrypted Messages


WhatsApp is enjoying positive growth, thanks to its users and to Facebook, which is backing its efforts.

Its usage has escalated further since it started implementing end-to-end encryption in its service.

While encryption is indeed a good thing in terms of privacy, it has raised some serious questions about how the company can fight spammers without even reading users' messages.

End-to-end encryption, also called E2EE, is a system of communication where only the communicating users can read the messages. To encrypt and decrypt messages, it uses cryptographic keys that are stored on the endpoints. This way, nobody in between should be able to read those messages. Not even internet service providers or WhatsApp itself can tamper with them.

So how can WhatsApp's spam filters work when they can't even read the contents of users' messages?

Since April 2016, the popular messenger app has been fighting spam with great results, even with E2EE enabled.

"In reality, we actually haven't seen this as a big problem," said WhatsApp software engineer Matt Jones. "We actually reduced spam by about 75 percent from around the time that we launched end-to-end encryption."


According to Jones, WhatsApp's spam filters work by looking for unusual behavior and patterns from users in real time. For example, the mechanism can be triggered by how long a suspected spammer has been registered to the service, or by how many messages the user has sent in the last 30 seconds.

The app also looks at the "reputation" of the internet and mobile providers that the suspected spammers are using. That includes examining the network and the phone numbers to determine if WhatsApp has the number on its blacklist based on related sources in the past.

Other ways include checking whether a potentially abusive account has a password set up. WhatsApp is also keeping an eye on accounts that use scripts to send messages, and on users of clients other than the official WhatsApp client.

By analyzing those signals, WhatsApp should be able to determine whether or not a user is a spammer.
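The signals listed above can be combined using metadata alone. The following is an added example, not WhatsApp's code: only the 30-second window comes from the article, while the weights, thresholds, field names, phone numbers and provider names are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass, field

WINDOW_SECONDS = 30  # the "last 30 seconds" window mentioned in the article
# Everything below is a constructed value, not a WhatsApp parameter.
MAX_MSGS_IN_WINDOW = 20
NEW_ACCOUNT_SECONDS = 24 * 3600
BAN_SCORE = 5
WEIGHTS = {"burst": 3, "new_account": 2, "bad_provider": 2,
           "blacklisted_number": 4, "unofficial_client": 2}

@dataclass
class Account:
    phone: str
    provider: str
    registered_at: float
    official_client: bool = True
    send_times: deque = field(default_factory=deque)

def record_send(acct, now):
    """Log a send timestamp (never the content); return the count in the window."""
    acct.send_times.append(now)
    # The entry just appended has age 0, so the deque never empties here.
    while now - acct.send_times[0] > WINDOW_SECONDS:
        acct.send_times.popleft()
    return len(acct.send_times)

def evaluate(acct, now, bad_providers, blacklist):
    """Return ("allow" or "ban", fired_signals) from metadata only."""
    recent = sum(1 for t in acct.send_times if now - t <= WINDOW_SECONDS)
    fired = []
    if recent > MAX_MSGS_IN_WINDOW:
        fired.append("burst")
    if now - acct.registered_at < NEW_ACCOUNT_SECONDS:
        fired.append("new_account")
    if acct.provider in bad_providers:
        fired.append("bad_provider")
    if acct.phone in blacklist:
        fired.append("blacklisted_number")
    if not acct.official_client:
        fired.append("unofficial_client")
    # Binary outcome: no single weak signal reaches BAN_SCORE on its own.
    total = sum(WEIGHTS[s] for s in fired)
    return ("ban" if total >= BAN_SCORE else "allow"), fired
```

Returning the list of fired signals alongside the decision makes a ban reviewable, which matters when a single unusual signal comes from a legitimate user.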


WhatsApp's spam filters aren't only meant to filter out spam; they can also block accounts. "If we make things expensive for [the spammers], their business model won't work," said Jones.

But the flagging method isn't perfect yet, and it can result in mistakes. For example, a user with a U.S. phone number suddenly connecting to an internet network in India can trigger the mechanism, Jones said.

While WhatsApp can fight spam without having to read users' messages, and spammers engaged in suspicious activity can be banned from its service, legitimate users can also be banned for no reason.

WhatsApp has been introducing measures to cut down on incorrect user bans, Jones said.

"We either allow the account to continue or ban it completely. People ask why we don't have some middle ground there. If you think you're going to trick spammers by not delivering their messages, you're wrong," Jones said. "The people who get to this level are already sophisticated."