Don't use this WhatsApp chat option or your phone number will list in Google's search results
While the Cambridge Analytica scandal cost Facebook a bunch of subscribers, its offshoots like WhatsApp or Instagram were largely spared. The sheer magnitude of the user private data misuse, however, forced WhatsApp co-founder Jan Koum to leave Facebook that year.
Facebook purchased WhatsApp for the insane at the time $21 billion, hoping to capitalize on platform integration but still hasn't done much on that front, plus it has been on and off in hot water over privacy issues ever since.
WhatsApp's Click to Chat feature lets Google search index your phone number
According to Threatpost, where Mr Jayaram shared his observations, when someone uses the Click to Chat option on their website to start a messaging session, the associated phone number is revealed in plain text, as Google would index the code and display the number in its search results.
Your mobile number is visible in plain text in this URL, and anyone who gets hold of the URL can know your mobile number. You cannot revoke it. As individual phone numbers are leaked, an attacker can message them, call them, sell their phone numbers to marketers, spammers, scammers...
Through the WhatsApp profile, they can see the profile photo of the user, and a do reverse-image search to find their other social-media accounts and discover a lot more about about [a targeted individual]
Probed to comment on the matter, WhatsApp basically said that this is not a big deal, as the users have opted to exchange their business phone numbers for convenience:
While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button.
A more elegant option that site owners can do to prevent Click to Chat users from acquiring their phone numbers, according to Mr Jayaram, is to first, encrypt their phone numbers, and then add the infamous robots.txt string to basically tell Google that this info can't be indexed.
Things that are NOT allowed: