WhatsApp collects phone numbers, call duration, and a lot of metadata

A group of experts has conducted a research that demonstrates the type of data that can be gathered through the forensic study of WhatsApp.

A new research conducted by forensic researchers at the University of New Haven (F. Karpisek of Brno University of Technology in the Czech Republic, and Ibrahim Baggili and Frank Breitinger, co-directors of the Cyber Forensics Research & Education Group) is worrying the large community of WhatsApp users. The experts demonstrated that the popular messaging service WhatsApp collects data on phone calls, including in numbers, call duration and other information.

“Our research demonstrates the type of data that can be gathered through the forensic study of WhatsApp and provides a path for others to conduct additional studies into the network forensics of messaging apps,” said Baggili.

The experts discovered that WhatsApp implements the FunXMPP protocol, a binary-efficient encoded Extensible Messaging and Presence Protocol (XMPP) for the near-real-time exchange of structured data.

The group of researchers decrypted the connection between the WhatsApp client and servers, then they were able to view exchanged messages using a custom-made command-line tool they have created for the analysis.

According to the boffins, this is the first time a research group has probed how WhatsApp uses signalling messages to establish voice calls.

The team has focused its analysis on the signalling messages exchanged during a WhatsApp call established with an Android device, the experts have studied the authentication process implemented by the WhatsApp clients and uncovered the codec used by WhatsApp for voice media streams, the Opus at 8 or 16 kHz sampling rates.


The analysis of the traffic allowed to discover which data the client sends to the servers while establishing a call. Data includes WhatsApp phone numbers, WhatsApp phone call establishment metadata, date-time stamps, and WhatsApp phone call duration metadata.

The researcher discovered much more, they examined how relay servers are announced and the relay election mechanism, and how WhatsApp clients announce their endpoint addresses to use for the media streaming, along with the relay server IP addresses used during the calls.

The experts published a paper entitled WhatsApp Network Forensics: Decrypting and Understanding WhatsApp Call Signaling Messages that includes details of their study.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase