Security researcher discovers that Facebook-owned WhatsApp isn’t fully deleting users’ messages

The popular cross-platform messaging app WhatsApp isn’t fully deleting messages that users have deleted from its servers. This was discovered by an independent iOS researcher, Jonathan Zdziarski. Over a billion people use WhatsApp, mostly in developing nations like India, China, and Brazil. They have come to trust WhatsApp on privacy and security ever since it enabled end-to-end encryption this April.

Explaining his findings in a post today, Zdziarski stated that the software retains forensic traces of chat logs even after the chats have been deleted by WhatsApp users. Zdziarski said that this would create a potential treasure trove of information for anyone with physical access to the device. The same data could also be recoverable through any remote backup systems in place.

Normally, when a WhatsApp user deletes a particular message or chat, the data is deleted from within the app. But because it has not been overwritten on disk, it is still recoverable through forensic tools. Zdziarski attributed the problem to the SQLite library used in coding the app, which does not overwrite deleted data by default.
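The SQLite behaviour described above can be reproduced on a scratch database. This is an added example, not code from WhatsApp or from Zdziarski's post: the table, file name and message are constructed, and `PRAGMA secure_delete` is SQLite's own setting for zeroing deleted content.

```python
import os
import sqlite3
import tempfile

# Constructed sample message; this marker is what we look for in the raw file.
SECRET = "meet at the usual place 0451"


def deleted_text_survives(secure_delete: bool) -> bool:
    """Insert three rows, delete the middle one, then report whether the
    deleted text is still present in the raw bytes of the database file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "chat.sqlite")  # hypothetical file name
        conn = sqlite3.connect(path, isolation_level=None)  # autocommit mode
        # Set the pragma explicitly either way: some SQLite builds are
        # compiled with secure_delete already switched on.
        mode = "ON" if secure_delete else "OFF"
        conn.execute(f"PRAGMA secure_delete = {mode}")
        conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        conn.executemany(
            "INSERT INTO messages (body) VALUES (?)",
            [("hello",), (SECRET,), ("goodbye",)],
        )
        conn.execute("DELETE FROM messages WHERE body = ?", (SECRET,))
        # Application view: the query no longer returns the message.
        remaining = [row[0] for row in conn.execute("SELECT body FROM messages")]
        if SECRET in remaining:
            raise RuntimeError("row was not deleted")
        conn.close()
        # Forensic view: scan the file itself, including free space in pages.
        with open(path, "rb") as fh:
            return SECRET.encode("utf-8") in fh.read()


if __name__ == "__main__":
    print("secure_delete OFF, text still on disk:", deleted_text_survives(False))
    print("secure_delete ON,  text still on disk:", deleted_text_survives(True))
```

`secure_delete` only zeroes the freed space inside the database file; copies that already reached a backup are not affected by it.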

Remember, WhatsApp’s end-to-end encryption protects user data only in transit, preventing ISPs, hackers, and others from snooping on users’ conversations as they travel across the network.

Zdziarski’s findings deal with what happens to that data after it reaches the phone, particularly when it’s stored on the phone’s local disk drive or remote iCloud storage. WhatsApp messages are backed up by iCloud without hard encryption, so the finding means police could obtain clear records of conversations through a court order, even if the conversation had been deleted within the app.

“The core issue here is that ephemeral communication is not ephemeral on disk,” Zdziarski wrote in the post.

WhatsApp has not responded to Zdziarski’s findings.