Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Beware of WhatsApp groups: An image can compromise your smartphone.

27 January 2026 17:36

WhatsApp is going through a very turbulent period.

While many users still consider Meta’s app a standard for mass messaging, the general sentiment is shifting toward forced necessity rather than unconditional trust. Recently, Google’s Project Zero division disclosed a critical vulnerability that allowed malicious media files to be spread within newly created group chats.

This flaw specifically affects the Android version and exploits automatic downloads to turn a simple file into an attack vector. The dynamic is disturbing: you could be affected simply by being added to a group by an attacker who sends an infected file. You don’t even need to click or open the attachment, as the system silently downloads it to your device.

The threat of zero-click downloads

The greatest risk, Forbes reports, concerns targeted campaigns, as the attacker must know or guess at least one contact to start the chain. However, once the target is identified, the process is extremely easy for a skilled cybercriminal to replicate. The vulnerability operates behind the scenes, making the victim unaware of the danger already occupying their phone’s memory.

In addition to this technical flaw, Meta is also facing international legal pressure. A group of plaintiffs alleges that the company can store and access private communications, despite promises of end-to-end encryption. This scenario further undermines the perception of security on the platform, prompting experts to recommend immediate and manual protection measures.

How to lock down settings

To protect yourself, Google strongly recommends disabling automatic media downloads in the app settings. Go to the Storage and Data section and uncheck all file types for Wi-Fi, mobile data, and roaming. This is the only way to prevent a malicious file from landing on your storage without your explicit consent.

Another crucial step is to limit who can add you to groups. Setting this option to “My Contacts” or excluding untrusted numbers drastically reduces the attack surface. Keeping the app constantly updated is the first line of defense for receiving the latest security patches released by developers.

Protect the tunnel and the system

Hiding media files from your Android gallery is an additional layer of caution. Disabling media visibility in your chat settings prevents downloaded files from escaping from the WhatsApp sandbox to other, more vulnerable areas of the operating system. This separation makes it much more difficult for a malicious file to be processed by third-party components.

While we wait for a definitive solution, it’s worth remembering that digital security often depends on small, everyday measures. The research highlights how, despite the attempts at partial fixes that occurred at the end of 2025, caution remains the most effective weapon for every user. Following these protocols reduces the risk of a digital threat turning into a real problem.

The Red Hot Cyber Editorial Team provides daily updates on bugs, data breaches, and global threats. Every piece of content is validated by our community of experts, including Pietro Melillo, Massimiliano Brolli, Sandro Sana, Olivia Terragni, and Stefano Gazzella. Through synergy with our industry-leading partners—such as Accenture, CrowdStrike, Trend Micro, and Fortinet—we transform technical complexity into collective awareness. We ensure information accuracy by analyzing primary sources and maintaining a rigorous technical peer-review process.