WhatsApp doesn’t delete your ‘deleted’ messages

The iOS app’s vulnerability dents WhatsApp’s security credentials

WhatsApp still stores your conversations even if you delete them, a security researcher has discovered.

The latest version of the iOS app leaves a forensic trace of chats whether or not you delete, clear, or archive your messages, iOS security expert Jonathan Zdziarski said in a blog post yesterday.

The problem, Zdziarski explained, is that once WhatsApp messages are deleted, they enter a "free list" stored locally on your application's SQLite database, and are not deleted from the device until the database needs to free up storage space.

As the researcher said: "The core issue here is that ephemeral communication is not ephemeral on disk."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

But he added: "There is no guarantee the data will be overwritten by the next set of messages. In other apps, I've often seen artifacts remain in the database for months."

This might not be a problem if it were not for the fact that this database of stored messages is sent into your iCloud in routine backups, if you have those enabled.

While WhatsApp recently boosted its security credentials by making end-to-end encryption over the air standard for all types of communication on the platform, iCloud does not allow you to encrypt any backups.

Zdziarski said: "Law enforcement can potentially issue a warrant with Apple to obtain your deleted WhatsApp chat logs, which may include deleted messages. None of your iCloud backup content will be encrypted with your backup password (that's on Apple, not WhatsApp)."

Those relying on using iTunes's Encrypt Backups' option on desktop backups, rather than backing up to iCloud, could fall foul of forensics tools designed to hack passwords, he added.

To mitigate the security risk, the researcher recommended setting up a complex backup password for your iOS device that is not stored in the keychain.

Advertisement - Article continues below

He also urged people to disable iCloud backups, due to iCloud not supporting encryption, and to periodically delete the WhatsApp app in order to flush out the database of deleted records. 

On WhatsApp, Zdziarski said: "A poor design choice could quite realistically result in innocent people sometimes people crucial to liberty being imprisoned.

"The SQLite database does not need to come off in a backup at all. The file itself can be marked in such a way that it will not be backed up. The manufacturer may have set this behavior so that restoring to a new device will not cause you to lose your message history. Unfortunately, the tradeoff for this feature is that it becomes much easier to obtain a copy of this database."

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354577/data-protection-fines-hit-ps100m
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020