Overview
- The University of Vienna team automated WhatsApp’s contact discovery to test billions of phone combinations and confirm 3.5 billion registered accounts.
- The dataset included profile photos for about 57% of numbers and public profile texts for roughly 29%.
- Regional findings showed high visibility in India and Brazil, and millions of entries in China and Myanmar where the app is banned.
- The researchers say they accessed only public metadata, notified Meta in April 2025, and deleted their copy of the collected data.
- A related enumeration concern was raised in 2017 by Loran Kloeze, and the study warns such metadata can enable spam, fraud, doxxing or targeting.