I have observed some confusion as to how WhatsApp secures user information when peoples’ phone numbers change or are recycled by phone service providers. Someone I knew (Alice) started using a new WhatsApp number without deleting the old one; another random person (Bob) got Alice’s old mobile number and set up a WhatsApp account on it. But it still had Alice’s “about” info and display name. I did some digging (mainly on the WhatsApp official FAQs) and here is what I understood.
If Alice wants to use a new phone number on her existing phone, it is a simple matter of changing the phone number on WhatsApp. Upon changing numbers, the data is unlinked from the old number and the profile photo and “about” are transferred to the new number. https://faq.whatsapp.com/en/general/28030001
To use a new number on a new phone, Alice should change to the new number on the old phone, then port it over to the new phone. Why is this necessary? If Alice does not tell WhatsApp that she changed her number, WhatsApp assumes that the two numbers (old and new) belong to two users and does not port over any information. WhatsApp also checks user inactivity. If Alice’s WhatsApp number has been inactive for 45 days, and then Bob activates that number for WhatsApp on a different mobile device, WhatsApp assumes this to be a different user and does not port previous settings (such as profile photo and “about” info). https://faq.whatsapp.com/en/android/24068052
This means that if Bob activates it on a different phone in under 45 days, he may get some information related to Alice’s account, such as Alice’s display picture, “about” and display name. This is what happened in the real-life example that I knew about. If Alice’s contacts have not been notified of the change, Bob will also get new WhatsApp messages intended for Alice. This is the same as for SMS and it should be obvious. Tell your contacts about changes in phone number. WhatsApp has a feature to automatically notify all your contacts if you change your number.
Previous WhatsApp messages are not transferred to the new owner of the phone number, because they are stored on your phones, iCloud or Google backups, not on the WhatsApp servers. WhatsApp provides details on how to transfer messages over to new phones. https://faq.whatsapp.com/en/general/28030001
What if you want to add some extra security to the process? Consider two-step verification. https://faq.whatsapp.com/en/android/26000021