Â鶹ÒùÔº

Australian politicians have been of risking national security by using the messaging app WhatsApp. At issue was the fact that the application had not been by the Australian Signals Directorate (ASD) and was not on the list of its "Evaluated Products".

Australian media then cited security experts suggesting that the app posed a general security risk, mostly because it had not been assessed by the ASD, Australia's cyber intelligence service.

The irony of this story is that generally have complained bitterly in the past about the use of encryption in messaging applications preventing law enforcement and security agencies from tracking and reading messages between terrorists and criminals. So WhatsApp is either too secure or not secure at all depending on what particular point governments or media are trying to make.

Part of the confusion that surrounds the security of a particular product is that security is not just about the app itself but about the device and operating system it is running on, the communication channel and the same factors at the other end of the communication.

Generally speaking however, WhatsApp is a secure product. It employs an encryption mechanism to communicate messages with other WhatsApp users. The is used in a range of other messaging systems to provide end-to-end encryption including Google's new messaging app . As an added layer of security, identifying keys can be exchanged between people sending messages to each other to allow them to know that their messages have not been hijacked as part of a man-in-the-middle attack. Messages are not stored on a server and are stored in an encrypted format on the device itself. This means that even if someone was able to get the files that the messages are stored in on the phone, which is only really possible on an Android phone that has been "rooted", they would still not be able to read the contents because they are encrypted.

To ensure the security of WhatsApp and messages it stores and sends, there are a number of other things users need to be aware of and do. Most importantly, the phone itself needs to be secure and that means protecting it with a password, pin and/or biometric lock like a fingerprint. The operating system needs to be always up-to-date and apps on Android should never be installed from anywhere other than the Google Play store.

If any of these security measures are compromised, it makes the security of WhatsApp and every other app on the device vulnerable.

There are a couple of other things that WhatsApp users to ensure security. The first is to switch on the option to "Show Security Notifications". This will alert the user if any contact's security code has changed and potentially compromised. The other very important option is to disable cloud backups of messages. This option is designed to allow for messages to be downloaded to other devices but necessarily leaves the messages in an unencrypted form even though the backup itself is encrypted. They are not only then vulnerable to being hacked, but also available to agencies and others who can persuade Apple or Google to give them to them.

The other thing to remember is that messages that are deleted may still leave in the files that they are stored in. So if somebody does manage to get theses files, having deleted the messages doesn't guarantee that they will no longer be there.

it is very important to stress however that when considering the security of messaging apps like WhatsApp, all of the vulnerabilities presented through the device itself are also there for other apps like email. Basically, if a phone is lost or stolen and not locked, anyone with the phone will have access to messages from WhatsApp as well as apps like Mail and Gmail.

Mobile phones that are provided to government employees are "hardened" according to strict this means that the device configuration, operating system software and apps are tightly controlled. Within this type of environment, using WhatsApp presents very little risk for day-to-day "unprotected" communication with others operating on similar environments. Something that the Australian Signals Directorate had apparently was the case.

This article was originally published on . Read the .