This article is more than 1 year old

WhatsApp chats not deleted

Deleted WhatsApp chat conversations will loiter on your Apple iOS device and can end up being copied into your backups, warns computer forensics expert Jonathan Zdziarski.

This means if your iPhone is nicked or seized, or someone gets hold of your iCloud or iTunes backups, your recently deleted messages can potentially be extracted. This is due to WhatsApp using SQLite to store and organize conversations, and not securely scrubbing deleted records: when messages are removed, they are really just put on a free list to be overwritten at a later date with fresh stuff. While waiting to be overwritten, messages are sitting there in plain text.

This flaw is not the end of the world – someone has to physically get hold of your device or computer running iTunes or present a warrant to Apple to exploit it – but it could be an annoying privacy headache if you're not aware of it. Should you panic? No, says Zdziarski, who explained:

Simply preserving deleted data on a secure device is not usually a significant issue, but when that data comes off the device as freely as WhatsApp’s database does, it poses a rather serious risk to privacy. Unfortunately, that’s what’s happening here and why this is something users should be aware of.

The WhatsApp chat database gets copied over from the iPhone during a backup, which means it will show up in your iCloud backup and in a desktop backup. Fortunately, desktop backups can be encrypted by enabling the “Encrypt Backups” option in iTunes. Unfortunately, iCloud backups do not honor this encryption, leaving your WhatsApp database subject to law enforcement warrants.

Apple's iMessage has a similar problem, as will other apps that use SQLite insecurely. Signal and Wickr aren't at risk, we're told. There's more details and mitigations on Zdziarski's blog, here. ®

More about

TIP US OFF

Send us news