One of the security features that WhatsApp touts is end-to-end encryption. This means that messages are sent and received encrypted, meaning that even if in the event they are intercepted, they cannot be read by the person(s) intercepting it. However according to security researchers, it seems that isn’t necessarily the case.
In a report from CNET, security researchers from Check Point Software Technologies have discovered that hackers can actually create a hacked version of WhatsApp, in which they can then use to alter a quoted message to change either the content of the message or the username of the sender.
This means that in theory a quoted message could be changed to say something completely different, and be made to look like it could have been sent from someone else. This sounds like it could be a flaw, but according to WhatsApp, it isn’t. Instead they say that verifying quoted messages would create a privacy issue that would slow the app down considerably.
The semi-good news is that while this sounds like a worrying problem, WhatsApp claims that they do work to remove users who are using hacked versions of its service. They also state that they haven’t seen “regular” people send fake quoted messages, meaning that this issue seems more theoretical and limited to the work of researchers, rather than it being a real-life problem.