I don't get why people make such a big problem about this.
First of all, the privacy issues from WhatsApp have been discussed many times before. Yes, the default option "public" is bad, and just like making your profile picture on facebook "public" means anyone can scrape it. The fact that its a mobile app doesn't make it different from a website.
Secondly; people in the comments talk about the fact that you cannot control your precense in WhatsApp, and yes that is indeed a serious privacy problem which has been discussed before, but this article mentions nothing about that.
Third; WhatsApp monitors their network for non-user clients (to prevent spam and non-official clients). You may be able to request profile pictures of 500 people, but what about 1 million? Iterating over such a large set will likely cause a ban of your WhatsApp account, which means you need to spent another 10 bucks on a SIM card which will make it unfeasable to exploit.
Source:
4 years of experience with chat-bots on the WhatsApp network. I got a lot of SIM cards banned from WhatsApp by experimenting how far I could go. Not only sending messages, but also scraping.
WhatsApp does monitor their network and API calls being performed. This way they ban spammers and fake clients going on the WhatsApp network. I suspect they use some form of Machine learning to filter out the non-users and when you're identified: you're getting banned. This means that you can no longer use your phone number and need a new SIM. So this story isn't feasable for "huge amounts of data". You might be able to download a few 100k of profile picutures but you will get banned.