On instant messaging applications such as WeChat, WhatsApp, Telegram, LINE, Signal, or Facebook Messenger, if you add a stranger as a contact and can accurately determine their phone number — that sounds pretty incredible, doesn’t it?
Conversely, if someone could accurately figure out your phone number, wouldn’t that be surprising?
In fact, this method is not very complicated — it just requires some effort. The basic idea is as follows:
1. Obtain the local mobile number ranges
For example, a particular city have the mobile number ranges.
An attacker can first collect these number segments to use later for batch matching.
2. Build a mapping between phone numbers and profile photos / display names
Using the app’s “Add Contact” or “Search by Phone Number” feature (without actually sending friend requests), the attacker can iterate through these numbers in bulk.
The system usually displays the user’s profile photo and nickname corresponding to each number.
These results can be stored in a local database that records the mapping between each phone number and its associated photo and nickname —
for example:
- Phone Number A → Avatar A, Nickname A
- Phone Number B → Avatar B, Nickname B
3. Reverse match using the “Nearby People” feature
Next, the attacker can open the app’s Nearby People or Explore Nearby Users function to view the profile photos and nicknames of nearby strangers.
By performing image similarity matching against the locally stored database, the attacker can infer the possible phone numbers of those nearby users.
This approach can successfully identify part of the users’ phone numbers, though not all — the accuracy mainly depends on whether the target user allows being found via their phone number.
4. Applicability
This technique can be applied to various instant messaging and social networking platforms — any app that allows users to register or be searched by phone number could face similar privacy risks.
Recommendations for Prevention
(1) For individual users:
There is currently no foolproof way to prevent this. Avoid using “Nearby People,” “Find Nearby Friends,” or similar location-based discovery features frequently.
(2) For platform providers:
Instant messaging platforms should enhance their privacy protection mechanisms.
For example, they could allow users to configure different profile photos for different contexts, so that the avatar shown in “Nearby People” is different from the one shown to friends or contacts.
Top comments (0)