[martinraag]

WhatsApp is over 4 years old with over 300 million (claimed) active users. I would expect them to have addressed security by this point. Especially after their previous blunders, I'd imagine hiring a security expert or having a third party audit their code being on the top of their list. Apparently not.

I think these news and concerns often don't make their way to a bulk of their users, who probably aren't very tech savvy. If they don't see any user defection as a result of these issues being uncovered, then I'm not surprised about their lax stance on security.

[mahyarm]

I think companies start addressing things like security more seriously when they start becoming 'comfortable' companies. Which means securely profitable. Security is higher on the pavlov pyramid of software company needs than 'is a viable business'. I doubt WhatsApp is securely profitable, or flip a switch profitable like amazon.com.

When you are not viable as a business new features or begrudgingly addressing the huge amount of technical debt you generated in your early days so you can deliver new features faster is what you focus on. WhatsApp will only address security when it threatens the viability of their business, which by that time will probably be too late.

[newman314]

LOL. You would cringe at the amount of duct-taped infrastructure that plagues most large enterprises. Their viewpoint often is, "We have a firewall and antivirus so we should be good right"?