WhatsApp Found To Be Leaving “Forensic Traces” Of Deleted Messages
An iOS researcher named Jonathan Zdziarski has today reported that WhatsApp does not delete message logs even after they have been deleted within the app, potentially allowing those logs to be collected and viewed by a third party.
While WhatsApp has rightfully been lauded over the last few months for its decision to automatically encrypt all chat traffic by default, that protection only applies to messages while they are being transmitted and received. According to Zdziarski’s findings, the issue isn’t with data in transit but rather with data that has been saved locally. While WhatsApp may report that a message thread has been deleted as requested, the thread’s data is not actually removed from local storage and remains there until it is overwritten.
While that may initially seem like good news because someone would theoretically need access to a device in order to retrieve any messages that have not been overwritten on the device, these messages are also potentially being backed up to services such as iCloud, which itself has been the subject of numerous security scares over the last couple of years.
If someone were to be able to either access an iPhone with messages that are not overwritten, or the WhatsApp files that were backed up to iCloud, then they could potentially have the ability to extract those messages using forensic tools. We’re looking at you here, FBI.
Sorry, folks, while experts are saying the encryption checks out in WhatsApp, it looks like the latest version of the app tested leaves forensic trace of all of your chats, even after you’ve deleted, cleared, or archived them… even if you “Clear All Chats”. In fact, the only way to get rid of them appears to be to delete the app entirely.
It’s important to note that iMessage, Apple’s own messaging client, also suffers a similar fate here, with Zdziarski reporting that iMessage is potentially a larger security risk than WhatsApp. He said that “iMessage leaves a lot [of forensic traces]” and that “Signal leaves virtually none.” Signal is the protocol used by WhatsApp in order to protect messages from prying eyes.
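
The "deleted but not yet overwritten" behaviour described above can be reproduced with a short script. This is an added example, not code from Zdziarski's report or from WhatsApp. It assumes the chat store is a SQLite database, which this article does not state; the table name, the marker text and the function name are constructed for illustration. It compares an ordinary delete with two settings an app developer can use to remove the residue.

```python
import os
import sqlite3
import tempfile

# Constructed sample text standing in for a chat message body.
MARKER = b"constructed-sample-message-7f3a"


def residue_after_delete(strategy: str) -> bool:
    """Delete every row, then report whether the message text is still in the file.

    strategy: "plain" (ordinary DELETE), "secure_delete" (PRAGMA secure_delete=ON
    before deleting) or "vacuum" (ordinary DELETE followed by VACUUM).
    """
    fd, path = tempfile.mkstemp(suffix=".sqlite")
    os.close(fd)
    try:
        con = sqlite3.connect(path)
        # Set explicitly: some SQLite builds turn secure_delete on by default.
        flag = "ON" if strategy == "secure_delete" else "OFF"
        con.execute(f"PRAGMA secure_delete = {flag}")
        con.execute("PRAGMA auto_vacuum = NONE")  # keep freed pages in the file
        con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        rows = [(f"{MARKER.decode()} #{i}",) for i in range(200)]
        con.executemany("INSERT INTO messages (body) VALUES (?)", rows)
        con.commit()

        con.execute("DELETE FROM messages")  # the app-level "clear chat"
        con.commit()
        if strategy == "vacuum":
            con.execute("VACUUM")  # rebuilds the file without the freed pages
        con.close()

        # Scan the raw file the way a forensic tool would, ignoring SQL.
        with open(path, "rb") as f:
            return MARKER in f.read()
    finally:
        os.remove(path)


if __name__ == "__main__":
    for s in ("plain", "secure_delete", "vacuum"):
        print(f"{s:14} message bytes still in file: {residue_after_delete(s)}")
```

The check covers the database file only. Copies already captured in a backup, or older blocks retained by flash storage, are outside the reach of either setting.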