WhatsApp's Indian regulations fall short

A recent report shows that inexpensive third-party applications and software tools can circumvent regulations implemented by WhatsApp in India. Why have WhatsApp's efforts failed?


WhatsApp is an instant messaging service owned by Facebook. Its ease of access and easy-to-use interface has made it one of the most popular messaging apps. Its one-touch-to-forward function enables a person to send text, multimedia or voice notes to multiple recipients instantly. The app has 1.3 billion subscribers in more than 180 countries.  

Fake news and misinformation spread via social media such as Facebook, Twitter and WhatsApp are a growing problem in India. Incendiary WhatsApp messages have inspired deadly attacks across India.  

India is one of the largest bases for WhatsApp, with over 200 million users. Many small-scale organisations use WhatsApp to conduct daily business over the app. Some Indian WhatsApp users forward large volumes of messages to their contacts, akin to the chain-email phenomenon of the early 2000s. This is often a fertile conduit for rumours, misinformation and "fake news." To curb this, WhatsApp changed its settings only to allow users to forward messages to a maximum of five contacts or group chats, down from the previous limit of 20. 

In the lead-up to the 2019 Lok Sabha elections, WhatsApp claimed to have "made significant product changes and worked with partners across civil society to help address the harmful consequences of misinformation." 


A recent Reuters report found that inexpensive clones and software tools allow Indian digital marketers and political activists bypass anti-spam restrictions implemented by WhatsApp. The report found that WhatsApp was used for political campaigning in several ways. 

Free clone apps were used by some party workers to manually forward mass WhatsApp messages. It is possible for most apps to be reverse engineered so that they flaunt regulations while still accessing the original app's servers. Some clone apps such as "GBWhatsApp" and "JTWhatsApp" have been used by Indian party workers to bypass WhatsApp's restrictions. Both these apps have similar interfaces to WhatsApp and can be downloaded for free. While they may not be available on official app stores, they can be downloaded from technology blogs. WhatsApp says that these apps are unofficial, and users can face bans for using them, although it is difficult to ascertain the casual user. 

Software tools that can be added to WhatsApp to automate the delivery of WhatsApp messages. A digital marketing business said that it used a 1000 Rupee software to send up to 100,000 WhatsApp messages a day. These forwards exceed limits implemented by WhatsApp. A piece of software called "Business Sender" allows a consumer to add multiple mobile numbers and compose messages with pictures. The software also features a "Group Contact Grabber" that enables users to extract all numbers from a particular WhatsApp group easily.A member of the support team who created the software said that the tool was designed in Lebanon four months ago, and takes advantage of a "loophole" in WhatsApp's code. A number of these software tools are available on Amazon's India website. They ship as CD's, without any branding. 

A WhatsApp spokesperson said that the company would take legal action against "imposter" services by sending cease and desist letters. The company said, "We do not want them to operate on our platform and we work to ban them."

The policies instituted by WhatsApp are part of a broader push by Facebook to shore up the dissemination of misinformation and political influencing campaigns on its platforms. However, these efforts have largely been stymied by the continued evolution of tactics to circumvent the implemented reforms. Fundamentally, when Facebook bought WhatsApp, its business model was altered to focus on data collection. Additionally, Facebook pushed for businesses to use WhatsApp through their WhatsApp for Business API, which allows companies to create official profiles. This revenue structure incentivises WhatsApp to secure large amounts of data to push to their business clients. This does not motivate them to tackle issues of misinformation adequately. After all, tracking how users interact with fake news is just as valuable. Simultaneously, the regulations instituted by the company fosters a 'black market' where software companies look to circumvent the restrictions for profit. 


Our assessment is that WhatsApp's efforts to battle misinformation has not succeeded because of the data-centric business model that its parent company Facebook adheres to. We believe that without real-time identification of misinformation, it is difficult to comprehensively curb its effects. This further brings up ethical questions about freedoms of speech and expression versus the societal need to stop the spread of misinformation. However, we feel that it is possible for WhatsApp to stop the proliferation of clone apps and software that circumvent regulations by plugging loopholes embedded in the app's code. 

The report comes on the heels of another WhatsApp vulnerability exploited by private cybersecurity firms to misuse the app. We believe WhatsApp, and Facebook, have much to do to strengthen public trust in their services and the information disseminated on their platforms. 


Image Courtesy - Santeri Viinamäki [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)]