Internet Security Blog - Hackology
    Internet Security Blog - Hackology
    How To'sMobileNews

    Request Account Info feature makes WhatsApp GDPR Friendly

    Dr-Hack
    June 16, 2018
    3 comments
    5 min read

    Few days back I tweeted about a new feature which appeared on WhatsApp beta which showed “Request Account Info” and supposedly allowed access to a report through which we can see the groups we have joined, our contacts and profile picture etc.

    At the time of seeing this feature I wasn’t sure what this feature is really about as it doesn’t clearly explain the motive, although now I know why WhatsApp had to provide this detailed report which I have shared at the end of this post. BUT first let me provide you a guide on how you can create your own WhatsApp Account Info and download it.

    [Video] WhatsApp Request Account Info Feature Demo

    WhatsApp Request Account Info Demo

     

    How to Download WhatsApp Account Information

    Using the latest feature of “Request Account Info” , I will show you how you can download your data which is held with WhatsApp.

    Step 1 : Open WhatsApp and go to Settings > Account

    Step 2 : Open “Request Account Info” (Become Beta WhatsApp User if feature not available)

    Request WhatsApp Account Info
    Request WhatsApp Account Info

    Step 3 : Select “Request report” , the process will take 3 days to compile your report – I do not understand why it requires 3 days just to list the data which WhatsApp already has and is given by us.

    Step 4 : When your report will be generated you will get a notification on your device stating ” Your account info report is now available“, you may open it by tapping it or again to go to the “Request Account Info” as shown in Step 1-2.

    WhatsApp Account Info Available Notification
    WhatsApp Account Info Available Notification

    Step 5 : You will be presented by a “Download Report” followed by the date of creation of this report and size of report. Tap on “Download Report

    Download WhatsApp Acount Info
    Download WhatsApp Acount Info

    Step 6 : Once you tap on Download Report it will give you a warning stating that “Your Report contains WhatsApp account information. Only share it with people or apps you trust” , Tap on “Export” and download or save it where ever you desire.

    Export WhatsApp Account Info
    Export WhatsApp Account Info

    Step 7 : That is all you have successfully downloaded WhatsApp Account Info Report.

    What is in WhatsApp Account Information Report

    WhatsApp provided this feature to comply with the GDPR policy as they are now bound to tell the users what data they have on them, thus this feature appeared on our WhatsApp.

    All WhatsApp generated account reports are in  plaintext zip file named “My account info.zip” and contains two files access.html and portability.json. WhatsApp Report contains the following user gather data which also allows you to know how much they gather data on us.

    • GDPR Report : The title of the report
    • User Information : Under user information section WhatsApp lists the following data
      • Report Generation Time
      • Report Request Time
      • Phone Number
      • Name
      • Connection State
      • Online Since
      • Previous / Current IP Address
      • Device Type / Manufacturer
      • App and Device OS Version
      • Web / Desktop Version , Platform
      • About and About Set Time
      • Profile Picture with upload time
      • All WhatsApp Contacts
      • Groups
    • Terms of Service
      • 2016 Terms of Service Accepted with Time
      • Data Sharing Opt-Out
      • 2018 Terms of Service Accepted
    • Registration Information
      • Platform
      • Network Code / Name
      • Device
      • Registration Time
    • Settings
      • Privacy Settings
      • Blocked Contacts

    Interesting Things about WhatsApp Account Report

    Few interesting things I noticed in the report WhatsApp generated about my account

    • Connection State shows OFFLINE so it means the report was taken a time when I was OFFLINE, so the server pings our device during report creation
    • It does record our previous 1 IP address
    • Shows if we have opted out of Data Sharing ,while I do not recall any such feature or request where they asked us for “Data Sharing” so what is this ?
    • 2018 Terms of Service show NO in front of Accepted, weird ?
    • I changed my cell number one year back but it still shows my Network Carrier as the older one while the registration date shows the time when I ported to the newer number
    • Android version under registration shows the time when I first started using WhatsApp
    • I have setup my email address in recovery options but the mention of email address was not made anywhere in this report
    • If this is a GDPR report why while exporting the messages says ” Your Report contains WhatsApp account information. Only share it with people or apps you trust” Which apps or people ? why would I share it with Apps or People ? and why WhatsApp FAQ doesn’t state that its related to GDPR ?

    What is your take with this feature and do you think WhatsApp is being honest here or there is more to it ?

    3 comments

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    You may also like

    Get Wise

    Subscribe to my newsletter to get latest InfoSec / Hacking News (1 Email/week)
    Utopia p2p Ecosystem