Fooling WhatsApp’s read receipts system
Before I get into how I broke this WhatsApp feature with a little tinkering, I’m going to start off with the history of sending and receiving messages. It has always been important to let the sender know that their message was received intact. This is what pilots mean when they say “Roger that”. “Roger” was the phonetic alphabet for “R”, which was used in Morse and radio communications to mean “Received”.
On WhatsApp, a modern messaging service, users can not only know when their message is received by the target devices, but also whether the recipient has “seen” the message or not.
I discovered a flaw in the design that lets you properly see whole conversations, in groups and otherwise, without sending your read receipt.
It began with my interest in the immersive mode. This is a full-screen mode on Android that hides the status bar and the navigation bar, thus offering the user a more immersive experience with the app.
I built and ran an Android app to test the immersive mode. Once this was done, the obvious question was “Alright, so my app was built to be compatible with this mode, but what if I force a full-screen upon the apps that are probably not prepared for it on my device?”.
This is when I turned to the app store, to find existing apps that could do this for me. I found a few apps that could create the OS-wide change of hiding the status and navigation bars. It’s important to note that some of these apps do not need any permissions or rooting. However, when the navigation bar is hidden, the soft keyboard cannot be used.
I switched on the full screen mode and visited different apps. It was immediately seen that some apps filled up the extra space left behind by the two bars, some kept the status bar, while others, especially default apps like the clock and android settings occupied the same screen space while leaving the new empty space blank.
Now that the apps’ basic response to the full screen was seen, it was time to see how their functionality was affected. All the apps functioned pretty well despite this change… except WhatsApp.
The WhatsApp landing page did not use the extra space, but the layout of an opened conversation filled up the screen, which was a pleasant surprise. The other side-effect however, was even more surprising.
Conversations that I visited were not marked as read. This warranted further inquiry and I borrowed another phone and to my shock, the other person did not see that I had read his messages!
I tested this out with a few different message types, and this worked with all message types including stickers, text messages, pictures, videos, payments, locations, and contact cards. Voice messages also remain “unseen” , but they have the additional “Played by” notice that is not affected by this full-screen mode. It is not necessary to hide the status bar, as long as the nav bar is hidden through this method.
It turns out that this works on different devices and android versions. I tested it on a Moto G4 Plus (Android 7.0), Moto G Play (Android 7.1), a 2017 Galaxy Tab A running Android 8.1(no soft nav bar) and a One Plus 6T (Android 9.0, Oxygen 9.0)
It fascinates me that WhatsApp read receipts can be tricked in such a simple way, even on the latest versions of Android. I think this is an example of a bug that has remained undetected over all these years, and has consequently stayed through so many versions of Android.
Fooling WhatsApp’s read receipts system
Research & References of Fooling WhatsApp’s read receipts system|A&C Accounting And Tax Services
Source