by dermatthias 4480 days ago
One important point here: In the article the author says that the location of the database is /sdcard/WhatsApp/Databases. That's not entirely correct.

It only gets copied there when you use the built-in backup feature (Settings -> Chat Settings). Else, it sits "safely" under /data/data/com.whatsapp/databases like every other Android SQLite database.

But nonetheless, WhatsApp was and is not really known for its safety...

1 comments

This needs to be at the top. The fix here is very simple then - prompt the user for a passphrase when doing a backup, allow no passphrase for a "friction free" if you really want to, but give the user the option.
You don't even need a passphrase. Just generate a random key and store it somewhere, like WhatsApp's servers.
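
An added example, not part of the thread and not WhatsApp's code: a check a defender can run on a backup file copied to shared storage to see whether it is a plaintext SQLite database, which is the condition the comments above propose fixing with encryption. The file names and the `messages` table are constructed for the demonstration.

```python
import os
import sqlite3
import tempfile
from pathlib import Path

# Every plaintext SQLite 3 file starts with these 16 bytes.
SQLITE_MAGIC = b"SQLite format 3\x00"


def classify_backup(path):
    """Return ('plaintext-sqlite', [tables]) or ('not-plaintext-sqlite', [])."""
    with open(path, "rb") as fh:
        header = fh.read(len(SQLITE_MAGIC))
    if header != SQLITE_MAGIC:
        return "not-plaintext-sqlite", []
    # Header matches: confirm by opening read-only and listing the tables.
    conn = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        rows = conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name"
        ).fetchall()
    except sqlite3.DatabaseError:
        return "not-plaintext-sqlite", []
    finally:
        conn.close()
    return "plaintext-sqlite", [r[0] for r in rows]


def demo():
    """Build two constructed sample files and classify them."""
    with tempfile.TemporaryDirectory() as tmp:
        plain = os.path.join(tmp, "plain_backup.db")  # constructed file name
        conn = sqlite3.connect(plain)
        conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        conn.execute("INSERT INTO messages (body) VALUES ('constructed sample row')")
        conn.commit()
        conn.close()

        opaque = os.path.join(tmp, "opaque_backup.bin")  # constructed file name
        with open(opaque, "wb") as fh:
            fh.write(os.urandom(4096))  # stand-in for an encrypted backup
        return classify_backup(plain), classify_backup(opaque)


if __name__ == "__main__":
    print(demo())
```

A "not-plaintext-sqlite" result only means the file does not open as an ordinary SQLite database; it does not prove that the content is encrypted or that the encryption is sound.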