WhatsApp's End-to-End Encryption Undermined by Prekey Depletion Attack

5 Likes

In addition to weakening forward secrecy, the researchers identified serious privacy concerns. By monitoring how and when devices replenish their depleted prekeys, an attacker can infer whether a device is online, track its activity patterns, or determine the operating system it runs. This type of side-channel analysis enables device fingerprinting and online status tracking without alerting the user or requiring message transmission. For example, if a device fails to refill its prekeys after depletion, it likely indicates the device is offline — potentially revealing user habits, locations, or sleep schedules.

Worse still, the team demonstrated that overwhelming WhatsApp’s servers with prekey queries could prevent new conversations from being established altogether, effectively enabling a denial-of-service (DoS) attack. In some cases, new chat sessions failed to initiate or phone calls were dropped. With sufficient request volume — exceeding 2,000 per second — the server began returning error codes that persisted across different clients, blocking legitimate users from obtaining prekey bundles entirely.

Device fingerprinting was also shown to be feasible through the analysis of key ID values and prekey batch sizes. For instance, Android and iOS devices use different schemes for assigning key IDs and initializing batches, allowing an attacker to determine the OS and even approximate the device’s age or usage level. This information could be used for targeted phishing, surveillance, or tailored malware deployment.
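For defenders, the repeated prekey-bundle fetching described in the post above is visible in server-side request logs. The following is an added example, not code from the researchers, WhatsApp, or any poster in this thread; the log format, the 60-second window and the per-requester threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample log, one prekey-bundle fetch per line:
# "<unix_ts> <requester_account> <target_device>". The format is an assumption.
SAMPLE_LOG = "\n".join(
    [f"{1000 + i} acct-77 dev-A" for i in range(30)]   # one account, 30 fetches in 30 s
    + ["1005 acct-12 dev-A", "1010 acct-31 dev-B", "1400 acct-12 dev-B"]
)

def parse(log):
    """Yield (ts, requester, target) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2]

def detect_drain(events, window_s=60, per_requester_max=5):
    """Flag (requester, target) pairs that exceed per_requester_max fetches
    inside any sliding window of window_s seconds.
    Returns {(requester, target): peak fetch count seen in a window}."""
    windows = defaultdict(deque)   # (requester, target) -> timestamps still in window
    peaks = {}
    for ts, requester, target in sorted(events):
        key = (requester, target)
        q = windows[key]
        q.append(ts)
        # Drop fetches that fell out of the window; q keeps at least ts itself.
        while q[0] <= ts - window_s:
            q.popleft()
        # A normal client needs one bundle per new session with a device,
        # so many fetches for the same target in a short span stand out.
        if len(q) > per_requester_max:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

if __name__ == "__main__":
    for (requester, target), peak in detect_drain(parse(SAMPLE_LOG)).items():
        print(f"{requester} fetched {peak} bundles for {target} within 60 s")
```

Flagged pairs are candidates for per-requester rate limiting on bundle fetches; the threshold has to be tuned against real traffic.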

At this point…just use Signal :cry:

3 Likes

People ought to have been using Signal for a long time now… really wish people learned of the true inferiority of WhatsApp.

3 Likes

WhatsApp is only on my phone for the people who won’t use Signal :frowning:

At least it’s better than SMS, I guess.

1 Like