A trio of serious flaws have been discovered in WhatsApp
During the Black Hat security conference held last week in Las Vegas, security researchers at Check Point discussed several flaws that they found in popular messaging app WhatsApp. The latter, as many of you probably already know, was acquired by Facebook in 2014 for a price north of $21 billion. One of the features that drive users to WhatsApp is its use of end-to-end encryption; this means that a message posted by a user cannot be read by anyone but the recipient. Even Facebook can't see the message. But the flaws found by Check Point have some serious consequences for users.
Check Point also discovered that yet another flaw in WhatsApp could allow a hacker to disguise a public message as a private message. This could lull the recipient into thinking that his or her response will be private when in fact, it would be visible to others. When Check Point originally discovered these three issues last year and pointed them out to Facebook, the company was able to fix this particular problem although the first two flaws remain available for what Check Point calls "threat actors."
"We carefully reviewed this issue a year ago and it is false to suggest there is a vulnerability with the security we provide on WhatsApp. The scenario described here is merely the mobile equivalent of altering replies in an email thread to make it look like something a person didn’t write. We need to be mindful that addressing concerns raised by these researchers could make WhatsApp less private – such as storing information about the origin of messages."-Facebook
So keep in mind that just because WhatsApp has end-to-end encryption, it doesn't mean that there aren't any flaws that can't be exploited for evil reasons.
Things that are NOT allowed: