If you are using WhatsApp for most of your communication, you should be careful on what you send on the platform. Since WhatsApp started End-to-End encryption on all messages on its platform, you would be sure that your sensitive and private messages are not being intercepted. However, there is one thing you should know for sure, and will be surprised.
Whenever you clear (or delete) a message, or a batch of messages on WhatsApp, (be it an individual chat or a group message), they disappear from your screen immediately. But you should know that messages that are not seen on your screen, are actually still present on the smartphone, and are not permanently deleted by WhatsApp.
A recent finding from an iOS researcher Jonathan Zdziarski reveals that WhatsApp retains all your messages that you have been deleting. Zdziarski’s findings open up the fact after he scrutinized the disk images from an iPhone with the new version of the WhatsApp. He found that the app retains and stores a forensic trace of the chat logs, even if you are deleting them this creates a ‘treasure trove’ for those who are mining for data. However, in order to get the required data, one needs physical access to the device. He also mentioned that the data could also be recovered from remote backups.
When you delete any data, or chat, the app marks the said information as deleted. However, this data area is not overwritten by new data or chats, which can be recovered by forensic and recovery software. Zdziarski mentions that a new SQLite library is being used to code the new app, which does not delete the data permanently.
Previously, WhatsApp’s End-to-End encryption was praised by many privacy advocates. However, this encryption is only applied when data is being transmitted, preventing carriers and other intermediaries from intercepting on your conversations while the data is travelling over the network. But the findings from Zdziarski deals with what happens when the data reaches the phone, stored on the device and on the cloud as a backup. He claims that cloud backups are not encrypted and the intermediaries can obtain clear records of the conversations by simply applying for a court order.
‘Apple’s iMessage has this problem and it’s just as bad, if not worse. Your SMS.db is stored in an iCloud backup, but copies of it also exist on your iPad, your desktop, and anywhere else you receive iMessages. Deleted content also suffers the same fate,’ said Zdziarski on his blog post.
Should you be worried?
Well, not really; unless you are transmitting sensitive messages. However, you should be aware of how WhatsApp works.
What does this whole issue mean?
Law enforcement agencies can issue a warrant with Apple to obtain your deleted WhatsApp chat logs. These would also include your deleted messages.
Anyone with physical access to your iPhone could create a backup of your data. Unless the device’s access is needs a fingerprint, passcode.
Anyone with physical access to your computer could also get a copy of this data from an existing, unencrypted backup. He could decrypt it using password breaking tools, or recover the password from your keychain....