Internet Security Blog - Hackology

Request Account Info feature makes WhatsApp GDPR Friendly

Few days back I tweeted about a new feature which appeared on WhatsApp beta which showed “Request Account Info” and supposedly allowed access to a report through which we can see the groups we have joined, our contacts and profile picture etc.

At the time of seeing this feature I wasn’t sure what this feature is really about as it doesn’t clearly explain the motive, although now I know why WhatsApp had to provide this detailed report which I have shared at the end of this post. BUT first let me provide you a guide on how you can create your own WhatsApp Account Info and download it.

[Video] WhatsApp Request Account Info Feature Demo

 

How to Download WhatsApp Account Information

Using the latest feature of “Request Account Info” , I will show you how you can download your data which is held with WhatsApp.

Step 1 : Open WhatsApp and go to Settings > Account

Step 2 : Open “Request Account Info” (Become Beta WhatsApp User if feature not available)

Request WhatsApp Account Info
Request WhatsApp Account Info

Step 3 : Select “Request report” , the process will take 3 days to compile your report – I do not understand why it requires 3 days just to list the data which WhatsApp already has and is given by us.

Step 4 : When your report will be generated you will get a notification on your device stating ” Your account info report is now available“, you may open it by tapping it or again to go to the “Request Account Info” as shown in Step 1-2.

WhatsApp Account Info Available Notification
WhatsApp Account Info Available Notification

Step 5 : You will be presented by a “Download Report” followed by the date of creation of this report and size of report. Tap on “Download Report

Download WhatsApp Acount Info
Download WhatsApp Acount Info

Step 6 : Once you tap on Download Report it will give you a warning stating that “Your Report contains WhatsApp account information. Only share it with people or apps you trust” , Tap on “Export” and download or save it where ever you desire.

Export WhatsApp Account Info
Export WhatsApp Account Info

Step 7 : That is all you have successfully downloaded WhatsApp Account Info Report.

What is in WhatsApp Account Information Report

WhatsApp provided this feature to comply with the GDPR policy as they are now bound to tell the users what data they have on them, thus this feature appeared on our WhatsApp.

All WhatsApp generated account reports are in  plaintext zip file named “My account info.zip” and contains two files access.html and portability.json. WhatsApp Report contains the following user gather data which also allows you to know how much they gather data on us.

  • GDPR Report : The title of the report
  • User Information : Under user information section WhatsApp lists the following data
    • Report Generation Time
    • Report Request Time
    • Phone Number
    • Name
    • Connection State
    • Online Since
    • Previous / Current IP Address
    • Device Type / Manufacturer
    • App and Device OS Version
    • Web / Desktop Version , Platform
    • About and About Set Time
    • Profile Picture with upload time
    • All WhatsApp Contacts
    • Groups
  • Terms of Service
    • 2016 Terms of Service Accepted with Time
    • Data Sharing Opt-Out
    • 2018 Terms of Service Accepted
  • Registration Information
    • Platform
    • Network Code / Name
    • Device
    • Registration Time
  • Settings
    • Privacy Settings
    • Blocked Contacts

Interesting Things about WhatsApp Account Report

Few interesting things I noticed in the report WhatsApp generated about my account

  • Connection State shows OFFLINE so it means the report was taken a time when I was OFFLINE, so the server pings our device during report creation
  • It does record our previous 1 IP address
  • Shows if we have opted out of Data Sharing ,while I do not recall any such feature or request where they asked us for “Data Sharing” so what is this ?
  • 2018 Terms of Service show NO in front of Accepted, weird ?
  • I changed my cell number one year back but it still shows my Network Carrier as the older one while the registration date shows the time when I ported to the newer number
  • Android version under registration shows the time when I first started using WhatsApp
  • I have setup my email address in recovery options but the mention of email address was not made anywhere in this report
  • If this is a GDPR report why while exporting the messages says ” Your Report contains WhatsApp account information. Only share it with people or apps you trust” Which apps or people ? why would I share it with Apps or People ? and why WhatsApp FAQ doesn’t state that its related to GDPR ?

What is your take with this feature and do you think WhatsApp is being honest here or there is more to it ?

3 comments

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Get Wise

Subscribe to my newsletter to get latest InfoSec / Hacking News (1 Email/week)
Utopia p2p Ecosystem

Discover more from Internet Security Blog - Hackology

Subscribe now to keep reading and get access to the full archive.

Continue reading