The clearest evidence may be hiding in your linked devices.
Bogotá, June 2026
WhatsApp protects personal conversations with end-to-end encryption, but that security does not prevent someone from reading messages through an authorized device linked secretly to the account. A person who briefly gains physical access to an unlocked phone may connect a computer, tablet or secondary smartphone by scanning a QR code. Once linked, that device can continue receiving synchronized conversations without remaining near the primary phone. Reviewing active sessions is therefore one of the most reliable ways to detect unauthorized access.
Users can inspect these connections from the Linked Devices section inside WhatsApp. On Android, the option is generally available through the three-dot menu on the main screen, while iPhone users can find it under Settings. The page displays computers, browsers, tablets and other devices currently associated with the account. It may also show the device type, operating system and approximate time of recent activity.
Any device that the account owner does not recognize should be treated as suspicious. The safest response is to select that session and log it out immediately. Users who remain uncertain can disconnect every linked device and reconnect only those they personally control. This measure interrupts unauthorized access without deleting the conversations stored on the primary phone.
The appearance of an unfamiliar session does not necessarily mean a sophisticated hacker defeated WhatsApp’s encryption. In many cases, the intruder simply used the legitimate multi-device function after obtaining temporary access to the unlocked phone. This can occur in homes, offices, schools or relationships where another person knows the device passcode. Physical security is therefore as important as digital security.
Unexpected notifications may provide another warning. WhatsApp can alert users when a new device is linked or when the account is registered on another telephone. Verification codes arriving by text message without being requested may indicate that someone is attempting to activate the account elsewhere. Those six-digit codes should never be shared, even with a person claiming to represent WhatsApp support.
An attempted registration does not automatically expose existing chats because the attacker still requires the verification code and may face additional security controls. Sharing the code, however, can allow another person to take control of the account and remove access from the legitimate phone. Criminals frequently obtain these numbers through impersonation, fabricated emergencies or messages sent from already compromised contacts. WhatsApp does not ask users to forward their activation codes through a chat or telephone call.
Changes inside conversations may also attract attention, but they are less definitive. Messages appearing as read when the owner has not opened them, archived chats changing position or conversations being deleted could suggest that someone used the phone or a linked device. These signs can also result from accidental actions, synchronization delays or use on an authorized computer. They should prompt a security review rather than serve as proof by themselves.
Unusual battery consumption, overheating or high mobile-data use may indicate malicious software running on a phone, although these symptoms have many ordinary explanations. Operating-system updates, cloud backups, video applications and aging batteries can produce similar effects. Users should avoid assuming that every technical problem represents surveillance. A device-security scan and review of installed applications can provide a more reliable assessment.
Unknown applications with accessibility, notification-reading, screen-recording or device-administrator permissions deserve particular scrutiny. Such privileges can allow malicious software to view content displayed on the screen, capture notifications or control parts of the device. WhatsApp’s encryption cannot protect a message after it appears on a compromised phone. The app secures communication in transit, not every action occurring inside the operating system.
Users should remove applications they do not recognize and install software only through official stores. Modified versions of WhatsApp may promise additional functions such as hidden activity, expanded customization or the ability to view deleted messages. These unofficial applications can expose credentials, violate platform rules and create additional routes for unauthorized access. They may also stop receiving security updates supplied through the official application.
Two-step verification provides an important additional barrier. The feature allows users to create a personal identification number that WhatsApp may request when the account is registered again. It can be activated through Settings, Account and Two-step verification. Adding a recovery email controlled exclusively by the user helps restore access if the PIN is forgotten.
Passkeys offer another layer of protection on supported devices. They use the phone’s biometric authentication or screen-lock credentials instead of relying only on text-message codes. Because a passkey is tied to the user’s device and cannot easily be communicated to a scammer, it reduces the effectiveness of phishing attacks. The availability and exact setup process may vary according to the operating system and WhatsApp version.
The WhatsApp application itself should also be protected with fingerprint, facial recognition or another biometric lock. This prevents a person holding an unlocked telephone from opening the app immediately. Individual conversations can receive additional protection through Chat Lock, which places selected chats behind authentication. These measures are especially useful when several people have legitimate access to the physical device for other purposes.
Lock-screen notifications can reveal private content even when no one enters WhatsApp. A nearby person may read message previews, sender names or authentication codes directly from the display. Disabling detailed previews protects conversations from casual observation. Users should also ensure that their SIM card and mobile telephone account have strong security protections because criminals may attempt to redirect verification messages through SIM-swapping fraud.
Backups require separate attention. End-to-end encryption protects WhatsApp messages during communication, but cloud backups must be configured correctly to receive comparable protection. Users can activate encrypted backups from the Chats and Chat Backup settings. The password or encryption key used for this function must be stored securely because losing it may make the backup impossible to recover.
High-risk individuals, including journalists, public officials, activists and executives, may face more advanced surveillance involving commercial spyware. Such attacks can compromise the entire telephone and cannot always be detected through WhatsApp settings. Persistent unexplained behavior, credible targeting warnings or evidence of sensitive information being exposed may justify examination by a qualified digital-forensics specialist. Factory-resetting a device without preserving evidence can make investigation more difficult.
For most users, however, the immediate security review is straightforward. They should inspect linked devices, terminate unfamiliar sessions, activate two-step verification, enable biometric protection and update WhatsApp and the phone’s operating system. They should also change the device passcode if another person may know it. These actions address the most common pathways through which private conversations are read without permission.
No single visual clue can prove with certainty that someone has secretly accessed a WhatsApp account. The strongest evidence is an unrecognized linked session, an unauthorized registration or confirmed compromise of the phone itself. Security depends not only on encryption but also on control over devices, verification codes and physical access. A few minutes spent reviewing those controls can close a hidden window into years of personal conversations.
La privacidad también requiere vigilancia. / Privacy also requires vigilance.