Skip to main content

Deleted WhatsApp messages can be easily recovered

A security researcher has revealed that unencrypted copies of deleted WhatsApp messages are being stored on iCloud, meaning they can be easily recovered.

The claims made by Jonathan Zdziarski come just a few months after Facebook announced that all forms of WhatsApp message will be encrypted, although researchers later claimed that the encryption actually does very little to protect users.

"The latest version of the app tested leaves forensic trace of all of your chats, even after you’ve deleted, cleared, or archived them… even if you ‘Clear All Chats’," Zdziarski writes. "In fact, the only way to get rid of them appears to be to delete the app entirely."

According to his research of the iOS app, any deleted content is left unchanged and can be recovered using forensics tools by anyone who gains access to the device. Whilst indicators that point to where the content is are removed, the data itself remains on the device and is also backed up to iCloud in an unencrypted form.

"SQLite by default does not vacuum databases on iOS. There is no guarantee the data will be overwritten by the next set of messages. In other apps, I’ve often seen artifacts remain in the database for months. When that data comes off the device as freely as WhatsApp’s database does, it poses a rather serious risk to privacy."

"Law enforcement can potentially issue a warrant with Apple to obtain your deleted WhatsApp chat logs, which may include deleted messages," he added.

The only way to actually delete WhatsApp data is to delete the app entirely and Zdziarski has warned software developers to consider the security and privacy implications of forensic trace when designing new apps.

Image source: Shutterstock/Twin Design