WhatsApp is the most popular messenger app and, as such, its developers are continuously trying to keep the app safe from malware.
The recent rise in hacks and surveillance issues with authorities compelled the developers to release an end-to-end encryption feature that was rolled out in April. However, the app might not be as secure as you think.
iOS researcher Jonathan Zdziarski recently published a blog post which suggests that WhatsApp is retaining traces of messages on your iPhone even after you delete them.
Zdziarski explains that he conducted a test in which he used the messenger app to send messages, which he then saved, deleted and cleared. After making a backup, he compared the SQLite records and found that they were the same in both cases, meaning that deleting the records didn’t make any difference. Zdziarski further explained that the app is not intentionally saving messages that users have deleted; rather, it has a common problem attributed to SQLite, which does not erase the records, leaving a forensic artifact that can be used to get the original message.
This applies to all apps that use SQLite, including Apple’s iMessage among many others.
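The SQLite behaviour described above can be reproduced with a throwaway database. This is an added example, not code from Zdziarski's post or from WhatsApp; the file name, table layout and message text are constructed. It goes beyond the article by also showing two SQLite features an app developer can use to scrub deleted rows, the secure_delete pragma and VACUUM.

```python
import os
import sqlite3
import tempfile

# Constructed sample message; not taken from any real chat database.
MARKER = "meet at the north gate 21:00"


def deleted_text_survives(mode: str) -> bool:
    """Insert MARKER, delete it, and report whether its bytes remain in the file.

    mode: "plain"         -> DELETE with secure_delete off (the case described above)
          "secure_delete" -> DELETE with PRAGMA secure_delete = ON
          "vacuum"        -> plain DELETE followed by VACUUM
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "chat.db")  # hypothetical file name
        con = sqlite3.connect(path, isolation_level=None)  # autocommit mode
        try:
            # Set explicitly: some SQLite builds ship with secure_delete on.
            flag = "ON" if mode == "secure_delete" else "OFF"
            con.execute(f"PRAGMA secure_delete = {flag}")
            con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
            con.executemany("INSERT INTO messages (body) VALUES (?)",
                            [("hello",), (MARKER,), ("see you",)])
            con.execute("DELETE FROM messages WHERE body = ?", (MARKER,))
            if mode == "vacuum":
                con.execute("VACUUM")  # rebuilds the file without freed space
            # In every mode the row is gone as far as SQL queries can tell.
            assert con.execute("SELECT COUNT(*) FROM messages").fetchone()[0] == 2
        finally:
            con.close()
        # Forensic view: scan the raw database file for the deleted text.
        with open(path, "rb") as fh:
            return MARKER.encode("utf-8") in fh.read()


if __name__ == "__main__":
    for mode in ("plain", "secure_delete", "vacuum"):
        print(f"{mode:14s} deleted text still in file: {deleted_text_survives(mode)}")
```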
The possible consequences highlighted by Zdziarski include the fact that law enforcement agencies can use this data to decipher messages from deleted chat logs that are backed up on iCloud, irrespective of whether you use the built-in sync or not.
Further, anyone with physical access to your device can create a backup that can then be decrypted using password-breaking tools. However, users shouldn’t panic, as there are ways to get around this problem. The best way to delete the records for good is to uninstall the app, which will erase all the data, including that related to SQLite. Zdziarski recommends periodically deleting and reinstalling the app to flush out all the data.
Secondly, users need to disable iCloud backups, as these do not honor your backup password and the clear-text database can be obtained with a warrant by law enforcement agencies.
This article originally appeared on Zdziarski's Blog