WhatsApp is reportedly developing a new feature called ‘Guest Chats’, which will allow users to communicate with individuals who do not have a WhatsApp account. While the feature has not yet entered the beta phase, experts in the UAE are cautioning that it could open new doors for cybercriminals and privacy breaches, reports Khaleej Times.
According to WABetaInfo, a platform that tracks WhatsApp updates, the feature is expected to be included in a future Android update via the Google Play Beta Program. It would allow WhatsApp users to generate a unique link to invite non-users—referred to as "guests"—into a conversation.
However, cybersecurity professionals are sounding the alarm. Haider Pasha, Chief Security Officer at Palo Alto Networks EMEA, said attackers may take advantage of the anonymity the feature provides. “Without account verification, it becomes much easier for attackers to impersonate others, launch social engineering attacks, or distribute malicious links,” he told Khaleej Times.
He emphasized that this lack of identity verification makes it harder to establish trust in guest conversations. “Users will need to be extra cautious when interacting with unfamiliar contacts.”
Ahmed Ashraf, Senior Security Consultant at Kaspersky, pointed out that while only verified WhatsApp users can send guest links, the method still poses risks. “The guest doesn’t register an account, but their identity is tied to the channel through which the link is shared,” Ashraf explained. He added that the real concern lies in how much user information—such as profile photos or phone numbers—is visible during the chat session.
“If WhatsApp hides the sender’s details, the recipient won’t know who is contacting them,” he said. “If those details are visible, there is at least some form of verification—but it’s still limited.”
Ashraf also warned that malicious actors may exploit the system by generating and sharing fake links in bulk. “While Meta stores the sender’s account information, which can help identify and block abusive users, it’s not foolproof.”
To safeguard against potential risks, experts recommend a series of best practices. Pasha advises activating two-factor authentication (2FA), avoiding unfamiliar links, and never sharing personal information with unknown contacts. “If your account is compromised, reinstall WhatsApp and request a new verification code immediately,” he said.
Ashraf also suggested limiting profile visibility settings to “Contacts Only” and utilizing WhatsApp’s built-in reporting and blocking tools. Additionally, he recommended that WhatsApp implement a control to manually revoke guest sessions, similar to unlinking a device.
“Adding that feature would give users greater control over their digital safety,” he said.
Bd-praritin English/ Jisan