The messaging service was notified but has not patched it at all.
This is designed lock out cybercriminals, hackers, 'oppressive regimes, ' and even WhatsApp officials to keep your data private, the company says.
Boelter contacted Facebook about the backdoor back in April 2016, but he was told by the company that this is actually "expected behavior" and it isn't being actively worked on.
The bug arises because of the way WhatsApp encrypts the messages sent via its service.
"WhatsApp's end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol ... to guarantee communications are secure and can not be intercepted by a middleman", the paper wrote.
A spokesperson for WhatsApp told CNNMoney that it does not give governments a backdoor, and said the company would fight any government request to create one.
Third party security firms are critical of Facebook's design decisions in rolling out end-to-end encryption. The vulnerability would allow Facebook to read messages sent through the supposedly-secure system, as well as making it possible for the company to comply with court orders to make messages available to government bodies. The introduction of a backdoor is the weak link.
It's important to note that this vulnerability is not inherent in the Signal protocol.
WhatsApp's end-to-end encryption is based on technology that scrambles messages in such a way that requires keys to unscramble them.
Why is it like it is?
"Anyone who's using WhatsApp shouldn't worry about it", says security expert Sean Sullivan. This change happens often enough, when users switch to a different device or SIM card. "In these situations, we want to make sure people's messages are delivered, not lost in transit".
On Jan. 13, The Guardian published a lengthy report alleging the presence of a "security backdoor" in messaging platform WhatsApp. Regardless of how insidious or not this is, I think that the overall argument to be made is that Whatsapp should act more like Signal.
If you use WhatsApp as a way to avoid government surveillance due to its end-to-end encryption service, you should stop using it immediately. This is not true if you consider that the WhatsApp server can just forward messages without sending the "message was received by recipient" notification (or the double tick), which users might not notice. As we've seen recently with the passage of the Investigatory Powers Act, it may now be possible for the United Kingdom government to force communications providers to backdoor encryption where it's "technically feasible". Signal, for instance, which is recommended by whistleblower Edward Snowden, doesn't have the same security backdoor.