Important information / disclaimer:
1) I am not a lawyer! For this reason, this article does not, cannot and must not provide legal advice. All information has been researched on the internet and all tips & tricks are used at your own risk. For legal advice, please contact a lawyer.
2) The tips & tricks described are possible, but require a certain knowledge of technology, smartphones and apps. Use of the tips & tricks is at your own risk. No guarantee is given for hardware and software.
3) The bad news: The tips only apply to Android. However, a link to a possible solution for iOS is provided at the end of the article.
4) I personally recommend using a GDPR-compliant messenger such as Threema, which I think very highly of and which is also available as a business version for companies and educational institutions.
Opinions are divided on WhatsApp. Some love the app because of its simplicity and the ability to reach a large number of friends. Others hate the app because it passes on data to the parent company ‘Facebook Inc.’ and therefore also to US servers. Some “WhatsApp critics” even go so far as to accuse ‘Facebook Inc.’ as the parent company of reading WhatsApp messages in detail via so-called “backdoors” despite encryption. Whether this is the case cannot be answered in this article. This article deals with the question of whether WhatsApp can be used in compliance with the GDPR! Thesis: Yes, it is possible if you use a few tricks and do without some usability. The good thing up front: All tips and Android apps are free.
Since the GDPR came into force, many companies have had their hands full restructuring their data and the associated data processing in a new and legally compliant way – a mammoth task. Until now, the rule of thumb has been that the GDPR is largely a problem for companies and has no relevance for private individuals. However, many private users are unaware that the GDPR can also apply to them under certain circumstances. This is the case whenever business names, telephone numbers and other data are stored on a private smartphone and passed on to third parties (individuals and/or companies) and/or read by apps. This is done, for example, by the hugely popular smartphone app ‘WhatsApp’. WhatsApp requests access to all address data in the phone book as soon as it is installed and then transmits names and phone numbers, among other things, to US servers for comparison. This is always a serious problem for private individuals if company data, such as customer and/or employee data, is stored on their private smartphone. The crux of the matter: according to some lawyers and experts, this also includes the private telephone numbers of work colleagues.
And let’s be honest, who doesn’t have colleagues’ mobile phone numbers stored on their smartphone?
But even without legal restrictions, there are more and more people who do not want to leave their data and the data of their friends and family members to WhatsApp and Facebook.
Deleting WhatsApp completely would be the simplest but also the most radical step. Unfortunately, however, experience shows that many people (random example) are then cut off from communicating with friends. So what should you do if you want both GDPR and WhatsApp?
WhatsApp – “data protection violation” by default setting
Admittedly, data transmission is an important part of WhatsApp’s simplicity and therefore its success. After sharing address book data, every user can immediately see which contacts also use WhatsApp and can write to them, send photos and files or start a video call free of charge. This simplicity offers a huge number of advantages – especially for less technically savvy users. Two or three clicks are enough and everything works. Unfortunately, this usability is also “paid for” with data or with the disclosure of other people’s data.

In security circles, you often hear the statement that WhatsApp is a violation of the GDPR or that it cannot be used in compliance with the GDPR. This statement does not appear to be entirely correct. It is not WhatsApp as an app that is in breach of the GDPR, but the transmission or forwarding of data from the address book. Ergo, you can (please read the disclaimer again) use WhatsApp in compliance with the GDPR as long as you do not transmit or share any data from the phone book.
But how is this supposed to work if WhatsApp demands access to the address book and ALL address data contained therein during installation? And even goes so far as to cancel the installation of the app if access to the phone book is denied? There are several options here.
Off to the data jail – prevent access to data
1) Deny access to the address book
Android offers the option in the operating system itself to deny apps access to the address book, among other things. This means that WhatsApp can no longer transmit data to US servers. The problem is that the address book was already transferred in full during the very first installation. The access ban therefore only applies to all newly entered contacts. This “trick” would only work if you were to install WhatsApp on a brand new smartphone without saved address data. This means that no names or phone numbers should be stored on the phone or SIM card. You could then install WhatsApp including sharing the address book, transfer the stored phone numbers (in this case zero) to America and then revoke WhatsApp’s access to the address book again. Unfortunately, this trick doesn’t work for most users (anymore), as everyone always has some kind of address data stored – either on the device or the SIM card.
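Whether the denial described above is actually in effect can be read from the output of `adb shell dumpsys package com.whatsapp`, which records the contacts permission separately for each user profile on the device. The following is an added example, not part of the original article; the sample output is constructed, and its line layout is an assumption modelled on typical dumpsys output that can differ between Android versions.

```python
import re

# Constructed sample, modelled on `adb shell dumpsys package com.whatsapp`.
# User 0 is the personal profile; user 10 stands in for a second profile.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.whatsapp] (1a2b3c4):
    requested permissions:
      android.permission.READ_CONTACTS
      android.permission.CAMERA
    User 0: ceDataInode=4711 installed=true hidden=false stopped=false
      runtime permissions:
        android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET ]
        android.permission.CAMERA: granted=true, flags=[ USER_SET ]
    User 10: ceDataInode=4712 installed=true hidden=false stopped=false
      runtime permissions:
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
"""

USER_RE = re.compile(r"^\s*User (\d+):.*\binstalled=(true|false)")
PERM_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)")


def contacts_access(dumpsys_text, permission="android.permission.READ_CONTACTS"):
    """Map user id -> True (granted), False (denied), None (no record found)."""
    result, current = {}, None
    for line in dumpsys_text.splitlines():
        m = USER_RE.match(line)
        if m:
            # Ignore profiles in which the app is not installed at all.
            current = int(m.group(1)) if m.group(2) == "true" else None
            if current is not None:
                result[current] = None
            continue
        m = PERM_RE.match(line)
        if m and current is not None and m.group(1) == permission:
            result[current] = m.group(2) == "true"
    return result


def profiles_exposing_contacts(dumpsys_text):
    """User ids where access is granted or unknown (unknown needs review)."""
    access = contacts_access(dumpsys_text)
    return sorted(uid for uid, granted in access.items() if granted is not False)


if __name__ == "__main__":
    print(contacts_access(SAMPLE_DUMPSYS))
    print(profiles_exposing_contacts(SAMPLE_DUMPSYS))
```
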
2) Better: Android Work / smartphone app “Island”
‘Android Work’ is originally a solution directly from Google, which is subject to a fee and must be purchased by companies as a business solution. The highlight: Android Work installs a kind of second operating system on the (private) smartphone, which works completely independently alongside the original system. Both “levels” have their own phone book, their own apps and their own files. This allows employees to use their own/private smartphones without mixing private and business data. This function is now also available FREE OF CHARGE to private users. The free “Island” app (currently still in the beta phase, but works perfectly) simulates a “work profile” on any modern Android device. The scope of delivery also includes a PlayStore or GooglePlay, through which all apps can be installed and purchased as normal.
If you want to keep both levels completely separate, you can now log in with a completely new Google account. However, the previous Google account should also work. But beware: If address data of friends is stored in this existing Google account (in the Google Cloud), data synchronization may take place here and phone numbers may be synchronized from the cloud. This data is then contained in the “work profile” and is then read out again by WhatsApp. It is recommended
After installing and configuring “Island”, you should first install an address book app so that WhatsApp can find and read it later. Of course, this address book is completely empty as the work profile has no access to the SIM card(s) and the private address book in the device. As a “new” address book, we recommend, for example, the app “Simple contacts – effortless contact management”, which is free and, according to its own description, does not send any data anywhere.
Then install WhatsApp from GooglePlay as usual and have the SMS code sent to your mobile phone number. WhatsApp is now installed on the desktop and can be used. Important: WhatsApp can only be linked to one mobile phone number at a time. So if you have already installed WhatsApp on the first private level, you will be logged out here. You need a completely different mobile phone number, e.g. as with a dual-sim cell phone.
Disadvantages up to this point:
a.) The business profile which is installed by the “Island” app unfortunately goes into a complete sleep mode when not in use. This also means that push notifications no longer work. If you want to receive messages of any kind, you must always activate/start the profile manually. Only then does the work profile access the Internet. This can be an advantage, but also a disadvantage.
b.) Since WhatsApp does not recognize any contacts on this separate level (remember: the transmitted phone book was empty), no friends can be contacted. However, there are two ways around this. Firstly, you can enter contacts in the second address book who you know for a fact use WhatsApp and who have agreed to WhatsApp’s terms and conditions. Or you can use little tricks to send messages to mobile numbers that have not been saved. Please also read the warning at the end of the article.
The “Island” app in everyday life: writing to unknown phone numbers in WhatsApp
WhatsApp doesn’t really like it when you write to unknown mobile phone numbers or numbers that are not saved in the phone book. That’s why these “tricks” can also lead to your account being blocked if you’re unlucky. You should therefore proceed with caution.
a.) The relatively safe trick: Phone call/SMS/other messenger
Probably the simplest trick is to simply ask the contact in question to write a message via WhatsApp by phone call or text message. This “opens” the chat and you can chat back and forth as usual – as long as you don’t delete the chat history. Then the game starts all over again.
b.) The browser trick
This requires a browser such as the free Google Chrome or Firefox browser. This must also be installed on the “work profile”. As the URL, simply enter https://wa.me/“Number of the target person” in the browser line – e.g. https://wa.me/4912345678 (49 is the country code for Germany). Make sure you leave out the two zeros for the country code and the zero for the mobile phone code. After entering (return key) the link, WhatsApp opens automatically and takes the user directly to the chat window with the number entered. A regular message can then be sent here.
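The number rule described above (drop the two zeros before the country code and the leading zero of the mobile code) can be applied automatically to numbers as people usually write them. This is an added example, not part of the original article; the function name, the default country code 49 and the lower length bound are assumptions made for the illustration.

```python
import re

WA_ME = "https://wa.me/"


def wa_me_link(raw, default_cc="49"):
    """Build a wa.me link from a phone number in common written forms.

    default_cc is the country code assumed for national numbers
    (49 = Germany, as in the article's example).
    """
    s = raw.strip()
    if not re.fullmatch(r"\+?[\d\s()\-./]+", s):
        raise ValueError(f"not a phone number: {raw!r}")
    # "+49 (0)171 ..." marks the national leading zero in brackets: drop it.
    s = s.replace("(0)", "")
    digits = re.sub(r"\D", "", s)
    if s.startswith("+"):
        pass                                  # already international
    elif digits.startswith("00"):
        digits = digits[2:]                   # 0049... -> 49...
    elif digits.startswith("0"):
        digits = default_cc + digits[1:]      # 0171... -> 49171...
    # Bare digits without a leading zero are taken as already international.
    # 15 digits is the E.164 maximum; 8 is a sanity bound chosen here.
    if digits.startswith("0") or not 8 <= len(digits) <= 15:
        raise ValueError(f"cannot normalise: {raw!r}")
    return WA_ME + digits


if __name__ == "__main__":
    # Constructed sample numbers, all meaning the same subscriber.
    for n in ["0171 2345678", "+49 171 2345678", "0049 (0)171-2345678"]:
        print(n, "->", wa_me_link(n))
```
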
c.) The third-party app trick
There are also some free third-party apps that conveniently replicate this function, including
Click to chat [small, no ads], Direct Message – Open chat for WhatsApp, Direct Message for WhatsApp – WhatsDirect and Easy Message.
[IMPORTANT: No statement can be made about the quality and safety of these apps. Use at your own risk]
All you have to do is enter the recipient’s mobile phone number and the app will automatically open WhatsApp. WhatsApp can then be used without passing on the address book, and therefore other people’s data, to ‘Facebook Inc.’ Unfortunately, there are one or two disadvantages here too.
Disadvantages up to this point:
a.) Data/content:
First, there are two important things to mention. Even if the mobile phone numbers are entered using one of the tricks described above, they will of course still be transmitted to WhatsApp. If you want to be really precise, you should clarify with the person in question in advance whether they are registered with WhatsApp at all. Furthermore, all the tips and tricks described in this article naturally have no influence on the content sent. Anyone who sends customer data or other sensitive data via WhatsApp could possibly run into legal problems here too. Again, please read the disclaimer at the beginning of the article.
b.) Technology:
However, one of the most serious differences is probably the push function mentioned above. As the “work profile” is frozen, all app activities are stopped completely. This means that no more messages are received. So you really do have to reactivate the “work profile” manually every time so that messages are picked up from the WhatsApp server. This deactivates one of the most important – if not the most important – functions. Or you finally have some peace and quiet. Depending on your personal point of view.
c.) Usability:
Since WhatsApp does not know the names of the people, only the mobile phone number is displayed as a name. You therefore have to use the mobile phone number or the content to identify who you are chatting with. If you use a second address book app for the “business profile” as described in point 2, the names will be displayed again. The profile picture may also help.
Summary / personal opinion:
With a few tricks, it is possible to use the WhatsApp app in such a way that no data is transferred to WhatsApp as a company and thus to ‘Facebook Inc.’ However, this requires a few tricks and ultimately also sacrificing the usability/simplicity that many users appreciate so much. A decision that every user has to make for themselves. As an author, I am aware that hardly anyone wants to or will take on these hurdles. This article is therefore more of a theoretical feasibility study. In everyday life, these “tricks” are unlikely to catch on. Here it will more likely come down to “use WhatsApp regularly vs. delete WhatsApp”.
That’s why I prefer GDPR-compliant messengers such as Threema.
Important:
One of the 11 reasons why users are blocked on WhatsApp is that they send messages to many unknown mobile numbers or mobile numbers that are not saved in the address book. However, this SPAM protection is probably aimed more at professional spammers who send thousands of messages per day to dozens of unknown mobile phone numbers. In a private environment, you should hardly have enough messages and mobile phone numbers to activate the “SPAM alarm”.
Despite these tips and tricks, companies in particular should not take the topic of WhatsApp and Messenger lightly and should always seek advice from a specialist.
Further links:
WhatsApp collects this data from your cell phone
https://www.techbook.de/apps/messenger/whatsapp-zugriff-facebook-datenschutz
Romania: 5,000 euro fine because an employee sent copies of ID cards of underage customers and their legal representatives via #WhatsApp on his private smartphone.
https://twitter.com/cerberus_data/status/1258059530887364609
iOS/Apple apps:
https://tchgdns.de/whatsapp-nachrichten-schreiben-ohne-den-kontakt-zuvor-zu-speichern/
https://www.virtual-solution.com/securepim-government/
Shelter App:
An app that actually does the same thing as Island is Shelter. No personal experience.
https://www.kuketz-blog.de/shelter-eine-sandbox-umgebung-fuer-android-apps/
