This guide covers settings you can tweak on WhatsApp to have greater control over your data as well as good practices to keep in mind while using the messaging app.
Chat backup settings
One of the most important privacy settings in WhatsApp is the chat backup option. WhatsApp uses end-to-end encryption, so your messages are only stored on your device by default and aren't kept on any servers. This means that if you lose your phone or switch to a new one, all your chat history will be gone permanently.
To
help prevent this, WhatsApp offers an optional cloud backup feature: iPhone
users can back up to iCloud, while Android users can use Google Drive. However,
these cloud backups are not end-to-end encrypted in the same way. Anyone who
gains access to your Apple ID or Google account could potentially view them,
and law enforcement might also be able to request access from Apple or
Google—something that's not possible with messages stored only on your device.
For
maximum privacy and control, the best choice is to turn backups off entirely by
selecting "None." Keep in mind that this means you'll need to
manually save any important conversations (e.g., by exporting them) if you want
to keep them.
To disable chat
backups:
- Open WhatsApp.
- Tap the three dots in the top-right
corner.
- Go to Settings > Chats >
Chat backup.
- Set Back up to Google Drive (or
iCloud) to None.
Visibility settings
Your
WhatsApp profile may contain personal details like a profile photo, status
updates, or an "About" section. When communicating with people you
don't fully trust, this information could reveal more about you than you'd
like. As a general rule, we recommend choosing the most restrictive privacy
option available for maximum control.
In
most cases, setting visibility to My Contacts (or My Contacts
Except... to exclude specific people) is sufficiently private. However, if
you have untrusted contacts in your address book, consider setting it to Nobody
or simply leaving these fields empty (e.g., no profile photo, no About text, or
no status).
To adjust these
privacy settings:
- Open WhatsApp.
- Tap the three dots in the top-right
corner (on Android) or go to the bottom tab (on iOS).
- Select Settings > Privacy.
From here, you can
customize options like:
- Profile Photo
- About
- Status (Choose My Contacts, My
Contacts Except..., or Nobody for each.)
The
"Last seen and online" feature lets others see when you were last
active in the app (or if you're currently online). This can inadvertently
reveal that you had access to your phone and internet at a specific time, which
might be used against you in certain situations. Setting "Who can see my
last seen" to Nobody fully disables this (note: you'll also lose
the ability to see others' last seen). For the online status, you can align it
to "Same as last seen" for consistency.
To adjust Last
seen and online:
- In Settings > Privacy,
tap Last seen and online.
- Under "Who can see my last
seen," select Nobody.
- Under "Who can see when I'm
online," select Same as last seen.
App permissions
When
you first set up WhatsApp, it requests various device permissions, including
access to the Phone feature. While verification mainly relies on reading
SMS (which WhatsApp can often handle automatically without explicit SMS
permission via Android's APIs), the Phone permission is now commonly required
for core functions like voice and video calls. This allows WhatsApp to detect
if you're on a regular carrier call and manage interruptions smoothly.
However,
granting this permission theoretically allows the app to initiate regular phone
calls on your behalf (though WhatsApp doesn't do this in practice). For better
privacy, regularly review and revoke any permissions you don't actively use,
such as Phone (if you don't make calls via WhatsApp), Location, or others not
essential for your usage.
These
are managed in your device's system settings, not within the WhatsApp app
itself.
To manage
WhatsApp permissions on Android:
- Long-press the WhatsApp icon on your
home screen or app drawer.
- Tap the info icon (ⓘ) or App info.
- Select Permissions.
- Review and adjust each permission
(e.g., set to Deny for unused ones like Phone or
Location).
Alternative
method:
- Open your device's Settings app.
- Go to Apps (or Apps
& notifications > See all apps).
- Find and tap WhatsApp.
- Tap Permissions.
- Adjust as needed.
On
iOS, permissions are managed similarly via Settings > WhatsApp.
Always prioritize denying access to sensitive features when possible for
greater control over your privacy.
Managing desktop sessions
WhatsApp Web lets you access your WhatsApp account in a browser by scanning a QR code with your phone. For security reasons, always remember to log out when you're done to prevent others who use the same computer or browser from viewing your messages.
We strongly recommend using WhatsApp Web in a private or incognito browsing window. This way, the session automatically ends and clears when you close the tab or window.
You can check all active sessions at any time by going to WhatsApp settings and selecting the "WhatsApp Web" or "Linked Devices" option. If you're not actively using a computer, this list should be empty.
If you notice any unfamiliar devices, immediately tap "Log out from all devices" to revoke access.
App security and two-factor authentication
If
there's a risk that someone could access your phone while it's unlocked,
consider enabling WhatsApp's built-in app lock for extra protection. This adds
a biometric layer, requiring a fingerprint or face scan to open the app—just
like unlocking your device.
Note
that this isn't foolproof, as someone could potentially force you to provide
your biometric data. If you believe this is a possibility, regularly delete
sensitive chats or your entire message history to minimize risks.
To
enable the app lock:
- Open
WhatsApp and tap the three dots menu in the top-right corner.
- Go
to Settings > Account > Privacy.
- Scroll
down and select Fingerprint lock (or Face lock / Screen
lock, depending on your device's biometric options).
- Follow
the prompts to enable it and set your preferred unlock timing.
You
may also want to turn 'security notifications' on. This will alert you when one
of your contact’s security code changes. If one of your contacts changes their
phone, their security code will be changed. But such code change can also
happen in case of hacking. Seeing this notification in a conversation should
be a red flag and you should ensure that the person you are
communicating with is who they say they are
- Open
WhatsApp and tap the three dots in the top right corner
- Tap Settings
> Account > Security
When setting it up, you'll create a unique 6-digit PIN (choose one that's not used elsewhere and easy for you to remember). You'll also have the option to add an email address for PIN recovery—this is optional, and we recommend skipping it unless you have a strong reason to include one, as it introduces a potential additional point of compromise.
To enable two-step
verification:
- Open WhatsApp and tap the three dots
menu in the top-right corner.
- Go to Settings > Account
> Two-step verification.
- Tap Enable, then follow
the prompts to create your PIN (and optionally add an email).
Good practices
- If a stranger starts a conversation with you claiming to be someone you know, try to ensure that they are who they claim they are before providing any information about yourself.
- Joining a group will make your phone number visible to all group members. Before joining a group, we recommend you check who the members are as they will have access to this information.
- Messaging apps such as Whatsapp are often used to send virus through files and links.
- We recommend you be very vigilant before downloading anything sent to you on Whatsapp (such as a file or document that requires to be open on your phone) or clicking links sent by people you don't trust.