A huge WhatsApp design flaw that allows anyone who controls the service's servers to infiltrate private group chats has been uncovered by security researchers.
Despite the service's end-to-end encryption, experts say hackers can insert people into WhatsApp groups without the permission of the chat's admin.
In response to the study, Facebook, which owns WhatsApp, has said it won't fix the problem, and that group chats 'remain protected' by the app's encryption.
Facebook's Chief Security Officer Alex Stamos wrote on Twitter that the bug is not effective because WhatsApp users are notified when new members join conversations.
The study was presented at the Real World Crypto security conference in Zurich, Switzerland, by a group of researchers from Ruhr University Bochum in Germany.
They found that anyone with control over WhatsApp's servers, including staff, hackers and governments who legally demand access, can add people to private group chats.
Once a person has infiltrated a conversation, everyone in the chat automatically shares secret keys with that user.
This means they have access to all future messages, but cannot view past ones.
'The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them,' study coauthor Paul Rosler told Wired.
The researchers suggest that those seeking absolute privacy should stick to one-to-one chats or use a different encrypted messaging service.
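
The flaw described above, modelled as an added example (not code from WhatsApp or the researchers): a client that accepts any server-relayed 'add member' event shares its key with the newcomer, who can then read future but not past messages, while a second mode first checks that the admin authorised the add. `GroupClient`, `admin_tag`, the HMAC stand-in for an admin signature and the admin check itself are assumptions of this example; the article does not describe a fix.

```python
import hashlib
import hmac
import os

def admin_tag(key: bytes, group: str, new_member: str) -> bytes:
    # HMAC stands in for the admin's signature over the membership change.
    return hmac.new(key, f"add|{group}|{new_member}".encode(), hashlib.sha256).digest()

class GroupClient:
    """One member's view of a group (hypothetical model, not WhatsApp code)."""

    def __init__(self, group: str, admin_key: bytes, require_admin_auth: bool):
        self.group = group
        self.admin_key = admin_key          # shared end-to-end with the admin, unknown to the server
        self.require_admin_auth = require_admin_auth
        self.key_holders = set()            # members we have shared our secret key with
        self.log = []                       # (message, who could read it when it was sent)

    def on_add(self, new_member: str, tag: bytes = None) -> bool:
        """Handle an 'add member' event relayed by the server."""
        if self.require_admin_auth:
            expected = admin_tag(self.admin_key, self.group, new_member)
            if tag is None or not hmac.compare_digest(expected, tag):
                return False                # not authorised by the admin: share no key
        self.key_holders.add(new_member)    # key shared, so future messages become readable
        return True

    def send(self, message: str) -> None:
        self.log.append((message, frozenset(self.key_holders)))

    def readable_by(self, member: str) -> list:
        return [m for m, readers in self.log if member in readers]

def simulate(require_admin_auth: bool):
    admin_key = os.urandom(32)              # constructed sample key
    alice = GroupClient("family", admin_key, require_admin_auth)
    alice.on_add("bob", admin_tag(admin_key, "family", "bob"))   # genuine admin action
    alice.send("before")
    accepted = alice.on_add("uninvited")    # server-originated add, no admin tag
    alice.send("after")
    return accepted, alice.readable_by("uninvited"), alice.readable_by("bob")

if __name__ == "__main__":
    print("trusting the server:", simulate(False))
    print("admin-authenticated:", simulate(True))
```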