The indexed Google links can be accessed by anyone using a simple search query on Google
WhatsApp group invite links and user profiles started showing up yet again on Google search results, according to cybersecurity researcher Rajshekhar Rajaharia. The indexing error is a repeat of February 2020 when Google and WhatsApp had received a lot of criticism as some public groups, along with chats and member information, started showing up on Google search results. The issue was claimed to be resolved back then.
"Your @WhatsApp groups may not be as secure as you think they are. WhatsApp Group Chat Invite Links, User Profiles Made Public Again on @Google Again," Rajaharia pointed out to the vulnerability in a Twitter post.
WhatsApp's indexing of group chat invites is the reason behind the group chats and profiles showing on Google search results. The indexed Google links can be accessed by anyone using a simple search query on Google. Users with the links can join the groups and can see participants along with their phone numbers and the posts that they have shared.
"WhatsApp also allows users to generate rich preview links of group chat invites that eventually may allow search engine crawlers to identify the links and then index them for future searches," Rajaharia added.
Rajaharia on Monday confirmed that WhatsApp has removed all of its group invite & profile links from Google Search.
"WhatsApp removed all of its group invite & profile links from Google Search @ around 1 AM," Rajaharia announced on Twitter on Monday.
"Since March 2020, WhatsApp has included the "noindex" tag on all deep link pages which, according to Google, will exclude them from indexing. We have given our feedback to Google to not index these chats. As a reminder, whenever someone joins a group, everyone in that group receives a notice and the admin can revoke or change the group invite link at any time.
Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.".