This article explains in details many security problems of WhatsApp, the widely used instant messaging application.
- The mobile number is sent in plain text over the network
- The username of the account is the mobile number
- The password can be derived either from the MAC address or from the IMEI, both not so secret numbers
- You can ask WhatsApp for some information about arbitrary phone numbers registered with WhatsApp
- The database in your smartphone is encrypted lousily and can be deciphered
I believe at least some of these problems derive from a compromise between security and usability that fell on the wrong side of the common sense. Others might be attributed to laziness or ineptitude.
In any case, you have been warned.
I hope that if enough uproar is generated from this, it will push the WhatsApp guys to rethink and redesign correctly their application.