Facebook-owned WhatsApp is the most popular messaging platform in the market, and that is because of a lot of reasons.
First, it is cross-platform. It's literally a no gimmick app that is straightforward, reliable, fast, and easy to use. With billions of users, WhatsApp has a huge responsibility to protect those many users from any unwanted incident caused by bugs or other type of vulnerabilities.
This is why the company introduces a portal to put together all of the app's security disclosure in one place, so users have more confidence in using the app.
With it, WhatsApp is making itself at least a bit more transparent regarding how it deals with bugs and vulnerabilities, as well as informing users how and when they are patched.
On the portal's page, WhatsApp wrote that:
On the page, the company described how it completed the rollout its Signal Protocol-powered end-to-end encryption from Open Whisper Systems in 2016.
WhatsApp also said that it is not storing private messages on its servers once they are delivered, and has provided two-step verification system to protect users against unauthorized account access.
"We take the security of our users very seriously and we provide industry leading protections for our users around the world," wrote WhatsApp.
On the portal, WhatsApp said that once a bug is identified, its team will work to fix the issue.
But to keep with the industry's best practices, "we will not disclose security issues until after we have fully investigated any claims, issued any necessary fixes, and made updates widely available through the respective app stores."
Because app stores have policies and rules that WhatsApp needs to obey, it cannot always blatantly detail security advisories within the app release note.
This is why through the portal, the advisory has pages that provide "a comprehensive list of WhatsApp security updates and associated Common Vulnerabilities and Exposures (CVE)."
"We are very committed to transparency and this resource is intended to help the broader technology community benefit from the latest advances in our security efforts. We strongly encourage all users to ensure they keep their WhatsApp up-to-date from their respective app stores and update their mobile operating systems whenever updates are available."
Through the portal when it is launched, the company revealed six previously undisclosed vulnerabilities, which the company has now fixed.
All of which happened in 2020.
WhatsApp said that five of the six vulnerabilities were fixed in the same day, while the remaining one took a few days to address.
Although some of the bugs could have been remotely triggered, the company said it found no evidence of malicious actors actively exploiting the vulnerabilities.