Before we get to the heart of the tutorial, let's explain how to spy WhatsApp for free on Android, it is my duty to provide you with some preliminary information about it, so as to clear your mind as much as possible.
Let's start with a fixed point: WhatsApp is a sufficiently secure service thanks to the use of TextSecure, the end-to-end encryption system exploited by the famous app, for which capturing messages traveling on its servers through "Sniffing" (a well-known technique that consists, in fact, to capture all the data passing on a wireless network using special software that is not too difficult to find, as I explained to you in detail in my guide on the subject) is a very difficult undertaking.
The end-to-end encryption works with a pair of keys: a private key, which resides exclusively on the user's smartphone and serves to decrypt messages received from the outside, and a public key, which is shared with the interlocutor and is used by the latter to encrypt messages delivered to the other account (and vice versa).
In the middle are the WhatsApp servers, which act as intermediaries, i.e. they receive encrypted messages (therefore unreadable both to those responsible for the service and to malicious people) and deliver them to the recipient's device. For more details, you can read my guide on how to encrypt WhatsApp.
The whole process I just described takes place directly in real time and does not require any specific action on the part of the user. The only unknown lies in the actual implementation of this system, since WhatsApp is a closed source software, so it is not possible to thoroughly analyze the source code and therefore know with absolute certainty how it handles messages.
Still on the subject of end-to-end encryption, in case you do not know it, I inform you that this has been introduced in WhatsApp since November 2014, thanks to a collaboration between the team of the famous application and the developers of Whisper Open Systems.
However, some tests, such as the one conducted by Heise in April 2015, showed that end-to-end encryption was only used on the Android version of WhatsApp. In all other cases, an algorithm-based encryption system continued to be exploited. RC4, working only on the way out and considered no longer secure for some time. Now, however, the situation has changed: end-to-end encryption is available for all platforms on which WhatsApp can be used and covers any type of content: messages, group chats, videos, photos, etc.
Despite all this, unfortunately there are other techniques that attackers can consider exploiting to spy on WhatsApp, although they are much more difficult to implement and require direct contact with the victim's device.
How to spy WhatsApp for free on Android
Having made the necessary clarifications above, let's get to the heart of the matter and find out how the bad guys do it to spy WhatsApp for free on Android. Find indicated what are the main techniques just below.
In all cases, keep in mind that we are always dealing with "social engineering" tactics (social engineering), an expression that in technical jargon indicates those activities that exploit human psychology to carry out a cyberattack against a particular victim.
These are systems that, in the specific case of WhatsApp, attackers may consider adopting to spy on chats, contacts, etc., pretending to be an acquaintance or in any case a trusted subject, so that the victim's device can be borrowed for any plausible reason (for example, to make a phone call) but with the real aim of sticking their nose where they shouldn't.
Use of parental control and spy apps.
An attacker who manages to take over the victim's phone can first rely on the use of one of the many spy and parental control applications present on the market, which, in most cases, are completely invisible and also allow to collect messages typed on the phone's keyboard.
It should be noted that applications of this type are widespread for the purpose of legally monitoring the phone of the reference user, first of all to monitor the activities of children when using the smartphone or, in any case, to control the device remotely and take screenshots remotely. However, considering how they work, they also find a broad consensus among the bad guys.
Among the most effective and user-friendly parental control apps currently available are, for example, Qustodio, Screen Time and iKeyMonitor. All, after being installed on the victim's smartphone, let you know if and when the victim accesses WhatsApp and can be used to limit or block the use of the app remotely, as I explained to you in detail in my article on how to spy. Android phones.
Also note that when an attacker cannot have physical access to the phone, he can try to install applications to monitor someone else's terminal also by inviting the victim to download and install the resource he needs through sendingspecific links, passing them off as other content.
Disguising the MAC address
The MAC address (acronym for Media Access Control) is an address consisting of 12 digits, which is used to uniquely identify each network card present in devices connected to the Internet. On Android it is visible in the device settings section related to Information, as I indicated in my post on how to find the MAC address.
Knowing the MAC address can be useful to better configure the home network, to configure the operation of a specific program and to perform various other operations. Bad guys, however, can also try to exploit it to spy on Android-based devices and, consequently, spy on WhatsApp.
In the specific case of the well-known messaging app, by disguising the MAC address of the smartphone, using ad hoc applications, such as BusyBox and Mac Address Ghost (note that they only work if you have performed the root, a procedure I told you about in my specific guide on the subject), in order to make it look like that of another phone, an attacker can "trick" WhatsApp and install a copy of the app on your phone, to receive all the messages from the victim.
Fortunately, however, this is a rather complex operation that also requires a lot of time to complete.
Using the victim's phone number
Another technique that attackers may consider using to spy WhatsApp for free on Android is to exploit the victim's phone number, by installing the known application on their smartphone and delivering the activation code on the target person's cell phone, which, consequently, must be at least temporarily at hand.
However, it should be noted that the technique is effective, but does not work in the long run, as WhatsApp allows associating phone numbers with only one device at a time. Then, when activating WhatsApp with the same mobile number on two phones, the first one stops working soon after and, as a result, the victim may immediately realize that his account is being exploited in an unauthorized way.
Using WhatsApp Web / Desktop
In addition to being available as an app for Android (and iOS / iPadOS), WhatsApp can also be used by Web Design, using any browser, and from a computer, in the form of a client for Windows and macOS. In this specific case, however, the smartphone must be used as a "bridge", previously scanning the appropriate. QR code that appears on the screen from the application settings and checking the Stay Connected option, as I explained in detail in my guide on how to use WhatsApp on PC.
In light of this, an attacker who temporarily took possession of the victim's smartphone on which WhatsApp is "running" could therefore access the famous computer messaging service with the account of the contact person and read the conversations without being disturbed, even once the cell phone of the target user has deleted, since the system is functional even if the devices used are not connected to the same network and are located at a distance from each other.
However, it should be noted that, to date, when the connection is established with an unknown device through the Web or computer version of WhatsApp, a specific notification indicate the thing, so understand if there is any anomalous activity in progress is not so complicated.
Moreover, it should be considered that this risk is completely nullified, in the event that previously a biometric recognition system has been installed on the device of the person to spy on. In this specific case, in fact, even when coming into possession of the victim's phone, it is impossible to connect to WhatsApp Web / Destkop. At the time of scanning the QR Codeinfact, the owner of the device is asked to confirm the operation, using the biometric recognition system configured on the device, such as through the one that requires framing his face or scanning his fingerprint.
How to avoid being spied on WhatsApp
Now that you have finally understood how the bad guys can spy WhatsApp for free on Android, it seems right to show you also and above all how to. prevent this from happening to your account. Below, therefore, you will find a whole series of "tips" and useful tricks that I seriously invite you to take into account so as not to encounter unpleasant situations.
- Do not lend your smartphone - It may seem trivial, but the first suggestion that I invite you to take for granted to prevent someone from spying on your WhatsApp account is not to lend your smartphone, or at least do not leave it in the hands of strangers or untrustworthy people. . Considering that most of the "spying" operations on the famous messaging app are carried out thanks to direct access to the victim's cell phone, it's practically the least you can do!
- Do not install suspicious applications - if someone has invited you to download an application that promises to do who knows what or if you have seen an ad on the Net for an application with "superpowers", stay away from it, since, most likely, it is a resource whose purpose is quite different: to spy on the contents of the smartphone or, even worse, to spread some malware. In this regard, I suggest you install only and only apps from Google Play Store. I also recommend you to disable the function to install content from unknown sources (if it is active, of course), by accessing the Android drawer, selecting the settings icon (the one with the gear wheel), tapping the item related to screen lock and / or for security and continuing OFF the switch you find next to the item Unknown sources.
- Use a secure PIN to lock / unlock your smartphone - if you want to prevent unauthorized third parties from handling the contents of your smartphone and therefore also WhatsApp, I suggest you set a secure PIN to unlock the lock screen of your smartphone or enable a lock / unlock system using fingerprint, visual sequence, facial recognition or iris recognition, depending on the technologies supported by your device. To set up a PIN or an alternative lock/unlock system, simply log in drawer, select the settings icon, tap the text related to screen lock and / or for security and concerning the type of screen lock. Then choose the block typology to be configured and proceed with the relative configurazione, following the guided procedure that is proposed. For more details, read my guide on how to lock an Android phone.
- Enable the screen lock on WhatsApp - Recently a function was implemented on WhatsApp that allows you to block access to the application via fingerprint. I suggest you enable this feature to prevent others from accessing your chats. To do this, therefore, open WhatsApp on your Android smartphone, select the button with i three dots vertically that you find at the top right of the main screen of the application, choose the Settings item in the menu that opens, tap the wording Account present on the next screen and then on that Privacy. Then select the item Fingerprint Lock, ascend ON the corresponding switch, tap the Fingerprint sensor and you're done.
- Disable SMS display on the lock screen - to prevent some malicious person from activating a "cloned" copy of WhatsApp by sending a confirmation SMS to your smartphone, I also suggest you disable SMS display on the lock screen. By doing so, the potential attacker will have to have full access to the device to carry out his plan and if the phone is locked he will not succeed in his attempt. To do this, go to the Android drawer, select the Settings icon, then the item related to Lock Screen and / or to Security and that Notifications. Then select the wording related to content on locked screen and set the Hide content option.
- Reactivate your account in case of deactivation - if someone activated WhatsApp on another smartphone using your number, the service will stop working on your mobile. So, if you suddenly find your account deactivated without having done anything, contact WhatsApp support immediately, using the email address. email@example.com out that someone is most likely trying to steal your identity.
- Check your WhatsApp web sessions - considering the fact that it is possible to violate a WhatsApp user's privacy even by exploiting WhatsApp Web and Desktop, I strongly recommend that you keep an eye on your active account sessions and instantly disable suspicious ones. To do this, open WhatsApp on your Android smartphone, tap the icon three dots vertically located at the top right of the main screen of the application and select the WhatsApp Web item. After doing this, a list will be displayed with the icon of paired devices and the date and time of last use. If you find any suspicious access, disconnect the corresponding device by tapping the corresponding icon and selecting the Disconnect item in the box that appears. You can also disconnect all devices at the same time by selecting the Disconnect from all devices item and then that Disconnect.