It might seem a little weird to you, but one of the easiest ways to spy on a contact on WhatsApp is to use a service made available directly by the famous messaging app: WhatsApp Web!
If you haven't heard of it yet, WhatsApp Web is nothing more than a service that allows you to access WhatsApp from your browser by "repeating" what happens in the app installed on your smartphone (in fact, it only works if the mobile device is turned on and connected to the Internet ). Accessing WhatsApp Web is extremely simple: just open the main page of the service, frame a QR code that appears on the screen through the mobile app and that's it.
If necessary, it is also possible to ensure that the connection to WhatsApp remains active after closing the browser, by placing the check mark next to the box Stay connectedThis eliminates the need to scan the code at the next login, so you can go directly to the chats.
It is precisely in this possibility that the security "flaw" lies! In fact, since WhatsApp Web does not require that the phone and the PC be in the same network, it is sufficient for the spy on duty to steal your phone with an excuse and, while you are distracted, make the association to his computer via WhatsApp Web. this way, they can have undisturbed access to your conversations at any time.
Quite creepy, don't you think? Yes, I fully agree, however I have good news to tell you about it: opening WhatsApp Web involves sending a notification to your device immediately, so if someone were to sneak into your WhatsApp in this way, you you'll know.
Furthermore, if an unlocking system via biometric recognition is activated on your device (such as Face ID or Touch ID on iPhone / iPad, for example), this system is also required to confirm the connection to Web WhatsApp. Therefore, if an attacker has access to WhatsApp on an already unlocked device, they will not be able to spy on you through the connection with WhatsApp Web, as it is necessary to confirm the operation with facial recognition or fingerprint.
Note: the speech made so far also applies to the WhatsApp Desktop program.
How to protect yourself
At this point, are you wondering if there is a method to understand if connections have been started between WhatsApp and PC that should not be associated? Yes, it can be done very easily.
To get started, start the WhatsApp app, access the chat list, press the button (⋮) su Android or the card Settings su iOS and play the voice Web WhatsApp located in the menu proposed by Android, or the item WhatsApp Web / Desktop attached to the panel displayed on iOS.
If everything went smoothly, you should be able to see the entire list of connected computers, with related information on the browser, operating system, To position and date of last access. If the list contains an unexpected activity for you, tap the entry for the suspicious computer and tap the button Disconnect. Alternatively, you can disconnect from all the computers your WhatsApp is associated with by pressing the button Disconnect from all computers and confirming the operation by tapping on Disconnect.
Spy app
Spying on a phone may not be an easy task but, unfortunately, there is a specific category of apps designed with this in mind: these are the spy-app. In fact, they hide from the eyes of the unfortunate victim and are able to keep track of all his activities: everything that is typed on the keyboard (these apps are called keylogger), incoming and outgoing calls, apps used, websites visited and much more.
Spy apps do not require very advanced technical knowledge to be used: very often, it is enough to get hold of the victim's smartphone for a few minutes, just long enough to install (via APK package on Android, for example) and configure the app in question and wait for it to start receiving data directly on your PC or portable device.
One of the best known spy apps for Android and iOS is iKeyMonitor, which can be used for free in its basic version; for WhatsApp monitoring, however, you need to purchase an additional package ($ 9,99 for 3 days), or subscribe to the full version of the app ($ 49,99 per month).
In addition to spy apps, legitimate applications for controlling smartphones and tablets, such as app for parental control and anti-theft app. The former, in particular, are designed for monitoring the activities of minors and can be quickly installed from the Play Store. Two of the best known apps of this type are Qustodio (Android / iOS) and Screen Time (Android / iOS).
The anti-theft apps, such as Cerberus for example, are, on the other hand, designed with the specific intent of locating and controlling the smartphone remotely, should it be lost.
At this point, it is very easy to conclude that the unauthorized installation of the apps I have just presented to you, even the perfectly legitimate ones, could be a great way to spy on a contact on WhatsApp.
How to protect yourself
Spy apps can also be invisible to the user's eyes, however they are not completely transparent: you just need to know where to look to be aware of their presence.
Su Android, for example, you have to go to the menu Settings> Security> Device administrators and make sure that among the apps that can administer the device (and which therefore have very advanced permissions) there are no suspicious ones. If so, disable them immediately (by removing the check mark from their name or by moving the relative lever to OFF) and uninstall them.
If your device has been subjected to the root procedure, make sure that there are no spy apps that have elevated permissions: to do this, start the app SuperSU / SuperUser and check the list of apps authorized to act in super-user mode. If you find any suspicious ones, immediately delete them from Android following the classic procedure for uninstalling apps.
The speech for iPhone it's not very different: spy apps (as well as legitimate ones), in this case, are able to create customized profiles for device administration. To make sure of their absence, go to the menu Settings> Profile and Device Management and check that there are no suspicious apps among those that have previously created custom profiles. If the aforementioned menu does not exist, it means that there are no apps on the iPhone that use custom profiles.
If you had jailbroken your iPhone, open Cydia and check that, among the installed packages, there are no spy apps. If so, uninstall them immediately by pressing on the appropriate option. Finally, I strongly advise you to remove the jailbreak, since, to date, this procedure does nothing but unnecessarily expose the device to significant security risks.
Finally, to try to find spy apps that disguise themselves using strange names (and very similar to those of system apps, therefore not apparently suspicious) or not appearing at all in the operating system menus, you can open the browser and try to connect to the addresses localhost: 8888 e localhost: 4444: these are generally used to hide the configuration panel of the aforementioned apps. Alternatively, open the dialer (the area for manual dialing of telephone numbers) and enter the code *12345: some spy apps disguise their management panel right there.
For more information on deleting parental control apps, anti-theft apps and spy apps, I invite you to consult my tutorial on how to delete spy software from your mobile phone, in which I have explained everything to you in even more detail.
App to detect accesses on WhatsApp
In addition to spy apps, anti-theft apps and parental control apps, there is a fourth category of applications that must be taken into consideration: those that promise to be able to spy on a WhatsApp contact by monitoring their access and activity: app to detect accesses on WhatsApp.
In detail, these apps would be able to keep track of a user's WhatsApp activity (accesses made, last access, time spent online and so on), simply by typing their phone number. I use the conditional because if until some time ago these apps were actually useful, today most of them are not working and, indeed, represent a risk for the privacy of those who use them, as they collect the numbers of mobile phones entered in they.
There are really tons of apps of this type: to realize this, try using the search key whatsapp monitor on the Play Store or the App Store. Impressive, right? In any case, for the reasons mentioned above, I advise you to stay away from them.
How to protect yourself
To date, there is not much that can be done to defend against apps to monitor WhatsApp logins (assuming that any of them still work), because the data related to WhatsApp logins can be viewed by their contacts (and, at times, even publicly).
What you can try to do to stem the problem, however, is to protect your WhatsApp profile and prevent your Last Access to other users, by going to the menu Settings> Account> Privacy of WhatsApp. Of course, this is not a definitive solution (as the “online” status is always viewable) but, somehow, it helps.
If you want a targeted study on how to be invisible on WhatsApp, I invite you to take a look at the tutorial that I have entirely dedicated to the topic.
MAC address cloning
As you surely know, WhatsApp does not allow you to use the same number on more than one smartphone and this, let me tell you, is a great luck.
The reason is obvious: if an attacker were to try to connect to WhatsApp using the victim's phone number, even having his phone at hand and being able to obtain the code via SMS, the app would still continue to work on only one device, thus allowing the victim to immediately realize the spy attempt developed.
WhatsApp recognizes the device on which a phone number is used through its own MAC address o MAC address, i.e. a 12-digit hexadecimal code (such as 00:1b:3c:4f:5z:60) which uniquely identifies any device that is able to connect to the Internet. In other words, the MAC Address is unique and represents a sort of “fiscal code” characteristic of the device in question.
However, it must be said that there are apps, such as SpoofMAC for iPhone and Mac address ghost for Android, able to disguise the MAC Address of your device and acquire another one of your choice: the MAC address of smartphones is generally indicated in the section relating to About / About phone Android and iOS, so even in this case, just a moment of distraction is enough to give the attacker the opportunity to appropriate it.
How to protect yourself
As I have already explained to you in my guide on how to clone WhatsApp, the most effective way to defend against this threat is do not lend your smartphone to strangers, so that they cannot have access to the MAC address of the device.
Also, it is a good idea to set a Unlock PIN secure (which could be used to bypass fingerprint / face recognition) e prevent SMS from being viewed from the lock screen, so that any malicious people cannot discover the WhatsApp verification code.
These poisons are Android, you can easily change the PIN / unlock code by going to Settings> Security and Privacy> Screen Lock> PIN / Unlock Code. On iPhoneinstead, you have to bring yourself in Settings> Face ID / Touch ID and Passcode> Change passcode.
To inhibit the display of SMS on the lock screen of Android, go to Settings> Apps and notifications> Notifications> On the lock screen and choose to hide sensitive content. On iPhoneinstead, you have to go in Settings> Notifications> Messages and remove the check mark from the item Show on Lock Screen.
Further information
If you have come this far, it means that you have understood perfectly how to spy on a WhatsApp contact exploiting, in most cases, the same features offered by the messaging app. The ease with which it is often possible to obtain this result, however, has ended up frightening you: although I have suggested some useful tips to apply to protect yourself from such an event, you still do not feel safe and would like to deepen the subject further.
Did I hit the spot? Yup? So, even in this case, I'm happy to be able to help you. In my guide on how not to be spied on WhatsApp, in fact, I have given further emphasis to the topic of "protection", providing you with even more tips to put into practice so that you can keep yourself safe from spies, criminals and curious people. Trust me, it's worth reading!
