Previously delivered WhatsApp messages can reportedly be tweaked to change the content or the sender's identity, security researchers say.
Check Point Software Technologies found that hackers can create a hacked version of the app and alter a quoted message (a past one that someone is replying directly one) to change the content or sender, The New York Times reports.
WhatsApp told the Times that it works to remove people using hacked versions of its service, but said the ability to manipulate quotes wasn't a flaw. Verifying each message would create privacy issues or slow the app down too much.
Neither WhatsApp, which is owned by Facebook, nor Checkpoint immediately responded to requests for comment.
Both companies told the paper that they hadn't seen regular people sending fake quoted messages within the service, so this problem appears to be limited to security researchers.
However, misinformation on WhatsApp is an increasing concern, to the point where India's government reportedly asked telecoms to figure out how to block messaging apps if they are misused.
That request came after WhatsApp-spread misinformation resulted the reported lynching of five people in Dhule after a rumor circulated that they abducted children. At least 12 have been attacked as a result of such messages.
India is WhatApp's biggest market, with more than 200 million people using the service.
In July, WhatsApp took steps to combat rumors by limiting message forwarding, introducing a feature that shows if messages have been forwarded and taking out full-page newspaper ads with tips for spotting fake news messages.