show image

Your deleted WhatsApp chats may not be as deleted as you think

Deleted WhatsApp chats may still be lingering in the digital waste bin of your iOS device. That’s according to Jonathan Zdziarski, a forensic scientist who is considered “to be among the foremost experts in iOS related digital forensics and security”.

In a blog post, Zdziarski outlines how tests on the latest version of the messenger app found that a “forensic trace” of chats are left behind – including those which have been “deleted, cleared or archived”. It seems the only option for those who truly want to remove any history of a chat is to delete WhatsApp from their device altogether.

The app appears to mark data as deleted, but much of it isn’t overwritten by default and can therefore be recovered using forensic tools.

The issue has been attributed to SQLite – a software library used for coding the app, which maintains a record of information on its own library database. Zdziarski makes it clear that, although WhatsApp deletes records of chats, “the record itself is not being purged or erased from the database, leaving a forensic artefact that can be recovered and reconstructed back into its original form”.

In his post, Zdziarski said:

“Simply preserving deleted data on a secure device is not usually a significant issue, but when that data comes off the device as freely as WhatsApp’s database does, it poses a rather serious risk to privacy.”

WhatsApp databases backed up via iCloud are not encrypted in the same way that end-to-end encryption is employed by the app itself. This may raise additional concerns for many.

Zdziarski doesn’t necessarily believe that there is reason to worry about this. The data can’t be accessed by WhatsApp, let alone third parties. All data is contained within the particular device from which WhatsApp was used. Other popular messenger apps, such as iMessage, operate in this way too.

However, Zdziarski’s finding does mean that law enforcement officials could obtain deleted WhatsApp messages upon request. And anyone with physical access to the device from which messages were sent could create a backup file where they could recover all deleted content.

WhatsApp has been praised by users and privacy advocates alike for its approach to user-security, particularly since adopting end-to-end encryption in April. Zdziarki’s research will no doubt stifle the confidence people have developed in the app over the past few months, which now serves over 1 billion individuals across the globe.