The very excellent Electronic Frontier Foundation have recently published an article expressing their security concerns about WhatsApp. In short, these are:
WhatsApp prompts you to choose how often to back up your data to the cloud. These backups are unencrypted and not password protected. The advice is to never back up your messages to the cloud, since that would deliver unencrypted copies of your message log to the cloud provider.
Key change notifications
Key verification is critical to prevent a man-in-the-middle attack, in which a third party pretends to be a contact you know. If your contact’s key changes suddenly, this could be an indication that you are being man-in-the-middled (though typically it’s just because your contact has bought a new phone and re-installed the app).
If the encryption key of a contact changes, this fact is hidden away by default. To turn notifications on, go to Account/Security/Security Notifications and switch it on.
WhatsApp provides an HTTPS-secured web interface for users to send and receive messages. This web interface can easily be modified to serve a malicious version of the application, one capable of delivering all your messages to a third party. A better, more secure option would be to provide desktop clients in the form of extensions rather than a web interface.
Facebook data sharing
For full details you can read the original article here.