Pegasus Spyware: Whatsapp Downloads In India Are Down By 80 Percent
Since WhatsApp brought Pegasus to the public eye last week, downloads of the app in India have reportedly declined by a staggering 80 percent. Meanwhile, users in India have been looking at another end-to-end encrypted app, Signal, downloads of which are up by 63 percent in the same period of time.
According to data from mobile analytics and intelligence firm Sensor Tower (via Business Standard), the week before WhatsApp that it would be suing NSO Group, the Israeli firm behind the malware, app downloads stood at 8.6 million. Between 26 October and 3 November, downloads fell to 1.8 million.
In the same period, downloads of end-to-end encrypted messaging app Signal increased by 63 percent to 9,600. Telegram messenger (which is based in Russia and offers a secure messaging platform) also saw an increase in downloads in this period by 10 percent, hitting 9,20,000.
Notably, these figures indicate unique downloads. “One download per Apple ID or Google account, not including re-installs, installs to multiple devices owned by the same account, or app updates,” according to Sensor Tower.
On 29 October, WhatsApp revealed that it was suing Israel-based NSO Group for developing the Pegasus spyware that was used to target 1,400 civil rights activists, lawyers, and journalists across the world, including several in India.
While WhatsApp is being singled out here, the fact remains that WhatsApp was oneof several services used to help spread Pegasus.
WhatsApp also claims that it informed the Indian authorities about the vulnerability in May 2019, however, a government official recently said that India’s Computer Emergency Response Team (CERT-IN) could not fathom the magnitude of the situation due to the advisory being full of ‘technical jargon’.
Although WhatsApp ensures that messaging between users on the platform is secure owing to its end-to-end encryption model, the actual contents of the messages shared are not checked. This resulted in the Pegasus spyware getting into users’ phones via an infected link. This link could have been sent via SMS, MMS, Telegram, Signal, email, or any of several dozen other options.
The Indian government, this week, has also reached out to the Reserve Bank of India (RBI) and the National Payments Corporation of India (NPCI) over the risk of payments made through social media apps like Facebook and WhatsApp, which may ultimately lead to a delay in the feature’s launch in the country.