WhatsApp: How do I download update, am I affected by spyware and how do I fix it?

Your support helps us to tell the story

Support Now

Find out moreClose

As your White House correspondent, I ask the tough questions and seek the answers that matter.

Your support enables me to be in the room, pressing for transparency and accountability. Without your contributions, we wouldn't have the resources to challenge those in power.

Your donation makes it possible for us to keep doing this important work, keeping you informed every step of the way to the November election

Andrew Feinberg

White House Correspondent

WhatsApp users across the world are vulnerable to an attack that could take over their phone with just one missed call.

The security bug – since fixed by WhatsApp, but not before it could affect dozens of people – has led to concern about just how safe the encrypted chat app really is.

But protecting your phone from the latest attack is fairly simple. It mostly just means checking on some apps and ensuring that everything is up to date.

Users have been urged by WhatsApp to make sure they do that as soon as they can, in order to keep themselves and their phone safe.

Not doing so could allow people exploiting the bug to take over the phone through the app, giving them untold access to personal and private information.

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices," a WhatsApp spokesperon said. "We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users.”

The bug was found earlier this month, the company said, and it has been working to ensure that it is fixed since then.

It is still not clear how it came about but the technology to exploit the bug is thought to have been sold by cyber security experts, who gave it to governments in order to allow them to spy on citizens.

Anyone using WhatsApp, or WhatsApp for business. Its versions on iOS and Android are affected, but so are those on Windows or Tizen.

That means more than 1.5 billion people around the world could have been hit by the attack. But the actual number affected is thought to be much lower, with the exploit only being used to target a select number of people, according to WhatsApp.

First, update the app on your phone.

On iOS, that's done by heading into the App Store and clicking "Updates", and updating if you are on a version earlier than 2.19.51. On Android, open up the Play Store, click into the menu and choose my apps and games, where you should find WhatsApp, which should be version 2.19.134 or later.

You may find those are up to date without you actually having to do anything. Both operating systems now automatically update their own apps, and in most cases will probably have downloaded the new version already.

You should also make sure that your phone is updated. While the specifics of the attack and the way that it interacts with the rest of your phone's software are still unclear, ensuring that you have the latest version of the operating system will keep you safe from other bugs and security failings too.

WhatsApp also says that it has made changes in its infrastructure that stop the attack taking place.

It's first worth noting that – while vigilance is incredibly important – the likelihood is that you haven't been targeted.

The technology to use the exploit is a highly developed tool, reportedly sold to governments and kept tightly under wraps, and it is thought to have been used on dissidents and activists. While the number of people affected is alarmingly high, at a few dozen, it is still only a tiny proportion of the number of people using WhatsApp.

Still, it is very much worthwhile to think about whether you might have been affected by the exploit.

The way the exploit is seized upon is for someone to ring you. You don't need to answer the phone, so all it takes is that missed call – and that is the central clue that something has happened.

Anyone affected will probably have a mysterious missed call or two from a number they don't recognise. Most likely you will not have spoken to the person who called, but if you've been receiving suspicious calls from unexplained numbers then it is worth thinking about whether something has happened to you.

In the very unlikely event that it has, it may be worth stopping using WhatsApp and deleting the app from your phone, which will also stop the exploit from working. Check in with WhatsApp itself and with cyber security experts, who should be able to advise the best way to proceed, especially if you work in especially sensitive industries or may have been targeted for specific reasons.