WhatsApp made headlines in recent months when the Facebook-owned company turned on end-to-end encryption for its more than one billion users, securing any messages sent from one user to another. However, end-to-end encryption only protects messages while they're in transit, preventing people from spying on and reading your conversations while they travel across the internet. Someone with physical access to your device can still read your messages.
As a result, many users often delete their WhatsApp conversations, some for security, some to declutter the app's interface and some because their chocolate chip cookie recipes are top secret. However, forensic researcher Jonathan Zdziarski discovered that the popular messaging app, which also has a desktop application, retains and stores a forensic trace of the data on your device. That same data can be easily recovered by a knowledgeable person through any remote backup system.
“When a record is deleted, it is simply added to a “free list”, but free records do not get overwritten until later on when the database needs the extra storage (usually after many more records are created). If you delete large chunks of messages at once, this causes large chunks of records to end up on this “free list”, and ultimately takes even longer for data to be overwritten by new data. There is no guarantee the data will be overwritten by the next set of messages. In other apps, I’ve often seen artifacts remain in the database for months.”
– Jonathan Zdziarski
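The free-list behaviour described in the quote can be reproduced on a small database, along with two settings that remove the residue. This is an added example, not code from the article or from Zdziarski; it assumes SQLite as the database engine (the article does not name one), and the file name, table and message text are constructed.

```python
import os
import sqlite3
import tempfile

MARKER = b"constructed-secret-message"  # constructed sample content


def residue_after_delete(secure_delete, vacuum=False):
    """Delete every row, then report (marker_still_in_file, freelist_pages)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "chat.db")  # hypothetical file name
        con = sqlite3.connect(path)
        # Pin both settings explicitly: library builds differ in their defaults.
        con.execute("PRAGMA auto_vacuum = NONE")
        con.execute("PRAGMA secure_delete = " + ("ON" if secure_delete else "OFF"))
        con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        rows = [(MARKER.decode() + " #%d " % i + "x" * 80,) for i in range(500)]
        con.executemany("INSERT INTO messages (body) VALUES (?)", rows)
        con.commit()

        # The application-level "delete": freed pages move to the free list.
        con.execute("DELETE FROM messages")
        con.commit()

        if vacuum:
            # Rebuilds the file without free pages and truncates it.
            con.execute("VACUUM")

        freelist = con.execute("PRAGMA freelist_count").fetchone()[0]
        con.close()

        # Look at the raw file the way a backup or disk image would see it.
        with open(path, "rb") as fh:
            raw = fh.read()
        return MARKER in raw, freelist


if __name__ == "__main__":
    print("plain delete      :", residue_after_delete(secure_delete=False))
    print("secure_delete = ON:", residue_after_delete(secure_delete=True))
    print("delete + VACUUM   :", residue_after_delete(False, vacuum=True))
```

With `secure_delete` off, the deleted text is still present in the file even though the table is empty; zeroing freed pages or rebuilding the file removes it.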
While nearly all users are vulnerable, one problem seems to affect iOS users, specifically those who back up their WhatsApp data to iCloud (no surprises there), which makes it subject to warrants. However, employing a weak password on your phone also leaves the WhatsApp backup vulnerable to decryption.
Zdziarski lists many ways to mitigate this unwanted vulnerability, key among them deleting the application from your phone periodically.
Source: Jonathan Zdziarski
