Controversy erupted when a report on Friday showed Google had indexed invite links to private WhatsApp group discussions, meaning anyone can join various private discussion groups (including several porn sharing groups ) with a simple search. Since Google seems to have changed the results of research to stop the invitation links being shown.
According app reverse engineer Jane Wong, Google has about 470 000 results for a simple search “site chat.whatsapp.com” part of the URL that invites to groups WhatsApp.
A misconfiguration by WhatsApp enabled ~470k Group Invite links to be indexed by search engines
— Jane Manchun Wong (@wongmjane) February 21, 2020
It should’ve been `Disallow`ed with robots.txt or with the `noindex` meta tag
thanks @JordanWildon for the tip https://t.co/CJxjJ5qyfh pic.twitter.com/FrW1I9Y8vs
The vulnerability links invitation to chat has long been discussed, because if access to publicly sharable links into the wrong hands, anyone can join a group.
The parent team found private groups with specific Google searches and even joined a group for NGOs accredited by the UN and had access to all the participants and their phone numbers.
The reporter Jordan Wildon said on Twitter that he discovered this feature “Invite the Link Group” WhatsApp allows Google index groups, making them available on the Internet because the links are shared outside the secure private messaging service WhatsApp .
Your WhatsApp groups may not be as safe as you think they are, “Wildon tweeted Friday, adding that Google searches using particular, people can find links to cats.
WhatsApp spokeswoman Alison Bonny said, “As all content that is shared in the public channels searchable invite links that are publicly available on the Internet can be found by other users of WhatsApp. “
Danny Sullivan, Google’s public search liaison, tweeted:
Would be a good time to use Google’s URL removal tool in Search Console. Would hide the entire subdomain while they noindex the content. Robots.txt doesn’t stop urls from being indexed, so that’s not the right move. Hide then deindex, then stop publishing https://t.co/XJwGMh4uII
— Glenn Gabe (@glenngabe) February 21, 2020
the search results are still listed on other search engines like Yandex, Bing and DuckDuckGo
It’s great to see WhatsApp taking steps to fix the oversight. It’s only the first steps though, because, as an open web,
— Jane Manchun Wong (@wongmjane) February 22, 2020
the search results are still listed on other search engines like Yandex, Bing and DuckDuckGo pic.twitter.com/hTth6HciEe