WhatsApp had shared information regarding a security issue with the government earlier this year, but it was full of "pure technical jargon" and did not mention the spyware attack, government sources claim.
This development comes a day after the Facebook-owned messaging app clarified that it had notified the Indian authorities about the privacy breach in May this year.
Government sources told India Today that the officials at WhatsApp had alerted CERT-IN, which is a government agency about the "security issue" in May this year but did not mention anything about Pegasus spyware or the degree of the breach. They also stated that the details shared with CERT-IN were only about a technical vulnerability and did not mention anything about snooping on Indian citizens or that their privacy has been compromised.
"Our highest priority is the privacy and security of WhatsApp users. In May, we quickly resolved a security issue and notified relevant Indian and international government authorities," WhatsApp said in a statement on Friday.
The government sources also circulated the screenshot of the information WhatsApp had shared with CERT-IN to back their claim.
Facebook-owned WhatsApp has accused Israel-based NSO Group of using spyware to snoop on academics, lawyers, journalists and human rights activists in various countries, including India. In a lawsuit filed in a US federal court, WhatsApp alleged that NSO Group used spyware called 'Pegasus' to target over 1,400 WhatsApp users, a few of them in India. As per WhatsApp, the spyware targeted victims by giving missed calls on their mobile phones.
It said the attack was developed to access messages after they were decrypted on an infected device, abusing in-app vulnerabilities and the operating systems that power mobile phones. "WhatsApp cares deeply about the privacy and security of our users... which is why we provide end-to-end encryption for all messages and calls by default," said the company, adding it's the first time it had taken legal action against a private entity who had carried out this type of attack.
WhatsApp said an NSO employee had even acknowledged that the company's steps to remediate the attack were "effective". "We are seeking a permanent injunction banning NSO from using our service," said WhatsApp.
As per India Today sources, Israeli firm NSO a few years ago had tried to sell the spyware to Central Police Organisation, which comes under the Ministry of Home Affairs. In their sales pitch, the NSO had claimed to have sold the product to country's premier intelligence agencies.