Whatsapp security

WhatsApp Messenger is a proprietary, cross-platform instant messaging application for smartphones.
It's popular today, very popular. About 10 billion messages for day.
It's simply and permits us to send free message over a WiFi/3g connection.
But, what about its security? It's very bad. Very very bad.
Until August 2012, messages sent through the WhatsApp service were not encrypted in any way, everything was sent in plaintext. When using WhatsApp in a public WiFi network, anybody was able to sniff incoming and outgoing messages (including file transfers). This is bad no? Any private file can be caught.
Ok..only in a WiFi network.. but a lot of people connects to free hotspot in big city.
However, today Whatsapp uses an encrypt method but.. this encrypt method is broken!!
And the users mobile phone number is still being transferred in plaintext..
Let's go deep.
WhatsApp uses a customized version of the open standard Extensible Messaging and Presence Protocol (XMPP).
XMPP is a communication protocol based on XML, often used for chat, instant messagging and so on.

Upon installation, it creates a user account using one's phone number as username. While the Android version uses an MD5-hashed, reversed-version of the phone's IMEI as password, the iOS version doubles the phone's MAC address and MD5-hashes it.
What's mean?
var IMEI="123456789012345"
var userPass = md5(reverseString(IMEI)) or md5(macAddress)
The IMEI can be obtained if you have physical access to the phone. The MAC address can be found with a network sniffer, too.
And now? There is a working PHP class or a python script available that contains everything needed to build your own WhatsApp client: WhatsAPI
Try it! And don't use Whatsapp! Hangouts is better and secure until now!

This information is for educational purposes only.