1) If the article is correct, the Whatsapp team knew about this issue for close to a year. In addition, a string of security-related issues (http://en.wikipedia.org/wiki/WhatsApp#Security_concerns) indicates that the organisation lacks either the competency or the inclination to prioritise users’ security. Convenience > Security?
2) Even if your messages may not hold anything of interest, note that the Whatsapp application itself has access to information such as your contact list, your precise location, your storage card, and the ability to record audio/photos and make/receive phone calls and SMSs. It’s also the case that this information (in plain text) is viewable at a cellular level by somebody at your phone service provider.
If you’re using an iOS device, you may be oblivious to much of the above due to the patchy permissions model – to add insult to injury, it’s a paid app on iOS. Note that Whatsapp uses the XMPP protocol, otherwise known as Jabber, which other chat clients such as Google Talk also use, except Whatsapp doesn’t bother to encrypt it (Google Talk and nearly every other mainstream IM service uses an SSL encryption layer properly for added security – Whatsapp uses port 443, the port normally associated with HTTPS, but transmits in plain text, so the choice of port gives no protection at all).
You can also watch a demonstration here of what anybody with a network sniffer (in this case Wireshark – http://www.wireshark.org/, but also http://mitmproxy.org/) can do with a Whatsapp connection: Can you extract message and photo from Whatsapp?
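The point above is that port 443 on its own proves nothing: what matters is whether a TLS handshake actually happens. As an added example (not code from the original post or from Whatsapp), here is a small passive check a network defender can run over captured flows to flag a client that opens an XMPP (Jabber) stream to port 443 without any TLS record in front of it. The hosts, payloads and the Flow record type are constructed for the example; the classification is a heuristic on the first client-to-server bytes only.

```python
from dataclasses import dataclass
from typing import Iterable, List

# TLS record layer: content type 0x16 = handshake, followed by version bytes 0x03 0x0X.
TLS_HANDSHAKE_TYPE = 0x16
# Opening tokens of an XMPP (Jabber) stream header or stanza sent in the clear.
XMPP_MARKERS = (b"<?xml", b"<stream:stream", b"<message", b"<presence", b"<iq")


@dataclass(frozen=True)
class Flow:
    """One TCP flow reduced to what the check needs (constructed record type)."""
    src: str
    dst: str
    dport: int
    first_payload: bytes  # first client-to-server payload bytes


def looks_like_tls_handshake(data: bytes) -> bool:
    """True if the bytes begin with a TLS record header carrying a handshake message."""
    return (
        len(data) >= 3
        and data[0] == TLS_HANDSHAKE_TYPE
        and data[1] == 0x03
        and data[2] <= 0x04
    )


def looks_like_cleartext_xmpp(data: bytes) -> bool:
    """True if the payload starts with an XMPP stream header or stanza in plain text."""
    head = data.lstrip()[:64]
    return any(head.startswith(marker) for marker in XMPP_MARKERS)


def classify(flow: Flow) -> str:
    """Label a flow as 'tls', 'cleartext-xmpp' or 'unknown' from its first bytes."""
    if looks_like_tls_handshake(flow.first_payload):
        return "tls"
    if looks_like_cleartext_xmpp(flow.first_payload):
        return "cleartext-xmpp"
    return "unknown"


def find_cleartext_on_443(flows: Iterable[Flow]) -> List[Flow]:
    """Return flows that go to port 443 but carry XMPP with no TLS handshake at all."""
    return [f for f in flows if f.dport == 443 and classify(f) == "cleartext-xmpp"]


# Constructed sample flows (hypothetical hosts and payloads, not real captures).
SAMPLE_FLOWS = [
    # A normal HTTPS client: TLS record header for a ClientHello (handshake type 0x01).
    Flow("10.0.0.5", "203.0.113.10", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
    # A chat client that opens an XMPP stream to port 443 without TLS: this is the case to flag.
    Flow("10.0.0.7", "203.0.113.20", 443,
         b"<?xml version='1.0'?><stream:stream to='example.invalid' "
         b"xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'>"),
    # XMPP on its usual port 5222 normally starts in the clear and negotiates STARTTLS; not flagged here.
    Flow("10.0.0.8", "203.0.113.30", 5222, b"<stream:stream xmlns='jabber:client'>"),
    # Something else on 443 with no TLS (a plain HTTP request): not XMPP, so 'unknown'.
    Flow("10.0.0.9", "203.0.113.40", 443, b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),
]

if __name__ == "__main__":
    for f in find_cleartext_on_443(SAMPLE_FLOWS):
        print(f"{f.src} -> {f.dst}:{f.dport} sends XMPP in the clear on the HTTPS port")
```

In practice the first_payload bytes would come from a capture tool such as Wireshark or mitmproxy; the check deliberately looks only at the start of the flow, because a genuine TLS session shows a handshake record before any application data, whereas a cleartext XMPP stream shows its XML stream header immediately.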
So what can you do?
Option A) Be careful about what you type on Whatsapp, presume that everything can be intercepted and viewed (which it effectively can). Don’t type sensitive information.
Option B) Head to a local wifi hotspot and see what you can find. Chances are, with the number of people using Whatsapp, it wouldn’t take very long.
Option C) Clone a device’s normal hotspot and wait until their device automatically connects to it to launch a MITM attack. A fascinating video of this in action – http://partners.immunityinc.com/movies/Access_point_impersonation.mp4. Note that iOS devices readily broadcast the details of the last three access points they connected to, everywhere they go.
Option D) Use an alternative messaging service, at least until they have the inclination to patch the security holes. Perhaps a combination of push email and the generous SMS allowances which everybody seems to have.
Option E) Ignore all of the above. Ignorance is bliss?