With the PRISM scandal, we began to question whether Microsoft, Google, Apple, and Facebook were the only companies working with governments to spy on the behavior of their citizens. Will WhatsApp be one of these companies? Does WhatsApp store its users' conversations? News of the threat by Saudi Arabia to declare applications illegal if the server was not established in that country* does not make us feel calm. These sorts of things make us think that users are defenseless and that no measures currently exist to ensure the privacy of content shared on these platforms.
The main objective of this research is to add a new layer of security and privacy, ensuring that neither the integrity nor the confidentiality of the information exchanged between members of a conversation can be affected by an external attacker. This is achieved through a system that anonymizes and encrypts conversations and data sent via WhatsApp, so that when they reach the servers they are not in "plain text" and are readable only by their rightful owners.
Different layers have been defined inside a new hierarchy of security. The first layer of security involves encryption, using symmetric private keys and data exchanged between two users. In the second layer, we give a certain level of anonymity to the conversation using fake/anonymous accounts. By using intermediate communication nodes, we ensure that there is no direct communication between the mobile phone and the server.
Finally, a third layer would modify the inner workings of the application, routing all traffic and conversation messages to its own server (XMPP) to ensure the privacy of communication. This would provide the user with their own WhatsApp server.
This technique has been developed to be used in a manner completely transparent to the users. It requires a rooted Android mobile. For other platforms such as the iPhone, we have developed a Raspberry-based platform that will act as an access point to implement these three new layers of security.