As YetAnotherNick said, logout might be the better word to describe the impact here (plus, a fairly aggressive inactivity deletion period).
I agree with you in principle, but I still don’t understand how else to mitigate this: WhatsApp must get a lot of cases of stolen unprotected phones. The victim can ask their operator to lock the SIM card, but their WhatsApp account would still be out in the open.
With the continuous improvements in mobile OS security defaults, I’d expect this scenario to become less and less of a problem, but it must still be accounted for.
The process still goes through support ticketing, so I’d expect a spike to be noticed and stopped.
Whoops, my comment isn't very clear, sorry. I meant: "but their account would still be active and in the hands of the thief, if there is no way to quickly deactivate it, e.g. before receiving a new SIM card from their operator that would enable you to prove your identity to WhatsApp."
Do you mean how long is account recovery by the SIM/number owner possible, or how long can the phone thief continue using the WhatsApp account if the owner doesn't recover?
Maybe I misunderstood the comment you and the parent comment were making. I interpreted it as "they can recover it via SIM, so the lockout method isn't needed".
My point to that is that it is true, but the lockout would prevent a thief from using it until the new SIM is received. Versus a thief having access until the new SIM is received.
I use Telegram instead of WhatsApp, but I would hate for anyone to have any time at all on my account. I'd prefer to immediately lock the whole thing down and figure it out once I have everything sorted.