They ban your IP. Anyway with some effort you can deanonimize a lot of numbers (eg: status/name/profile photo).

Is there a known upper limit on the number of #s one account can have?

I suppose you could use that limit to set up enough WhatsApp accounts on proxies to effectively have access to all registered #s?

There's another startup idea.

The idea being you incentive WhatsApp users to install your app that then harvests all their contacts and collates the "last seen" info on all of them. If they delete your app, you setup a proxy to imitate their device and continue the monitoring. Have a privacy policy that is super strong but has a couple "loopholes" that one can drive a truck through.

Is that the idea? Seems doable if you're not too risk averse, have no family and live in a country with weak extradition laws. Kidding, there's nothing illegal about any of this stuff or FB, Google and lots of other companies would not be in business.

FB would have a civil claim against you -- they paid several billion dollars for the legal right to all that user data!

You wouldn't need an app or other WhatsApp users beyond your distributed proxy accounts. You'd be running the monitoring through these proxies.

Creating an app with the sole purpose of backdooring WhatsApp on a user's phone seems like it'd open you up to a lot of lawsuits. Ethically its a mite more questionable, but the original article is still unethical in that you're monitoring people without consent.

Like I said above, I'd do this just so that they'd crack down on it. It's still a "means justify the ends" argument, however, so you have to be quite comfortable with moral relativism.

It might be worth doing just so WhatsApp will change how they validate access to #s.