WhatsApp is not fully deleting your chats even after you delete them from the app, says a new post by iOS researcher Jonathan Zdziarski. Zdziarski claims to have examined disk images taken from the latest version of the app, where he found the app retaining traces of chat logs even after they had been deleted.
WhatsApp recently activated end-to-end encryption, but it seems the data is still very much exposed to anyone with physical access to the device. Zdziarski further notes in his report that the data can be recovered through any remote backup system.
In his research, Jonathan Zdziarski found that the data is deleted by the app but never overwritten. Zdziarski considers the SQLite library used in building the app to be the reason for this behaviour. He says such forensic traces are common to any application that uses SQLite, since it does not overwrite deleted data by default.
“The core issue here is that ephemeral communication is not ephemeral on disk,” Zdziarski wrote in the post.
Zdziarski further adds that this problem is not limited to WhatsApp. The iOS researcher has criticised Apple’s iMessage for leaving similar forensic traces. He notes that simply keeping deleted data on a secure device is not an issue; the bigger problem is when the data comes off the device. In the case of WhatsApp, the data comes off in the form of the WhatsApp database.
This leaves our otherwise encrypted data open to law enforcement, who with access to the physical device can create a backup that includes your deleted chats.
Does that mean you should panic? Zdziarski thinks not, but he definitely wants iOS users to be aware of this WhatsApp behaviour.
Is there a way to mitigate the potential threat?
1. Using a really strong iTunes password
2. Disabling iCloud backups
3. Periodically deleting the application from the device and reinstalling it to flush out the database.
Can WhatsApp fix this small flaw to make the app completely secure? Zdziarski notes that WhatsApp developers should remove the SQLite database from backups completely. He also points to techniques that allow developers to overwrite SQLite records.
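The SQLite behaviour described above, and one overwrite mechanism SQLite itself provides (`PRAGMA secure_delete`), shown as an added example that is not taken from Zdziarski's post or from WhatsApp's code. The table layout and messages are constructed for illustration.

```python
import os
import sqlite3
import tempfile

# Constructed sample data; the table layout is hypothetical, not WhatsApp's schema.
SECRET = "meet me at the old pier at nine"
MESSAGES = ["hello there", SECRET, "see you tomorrow"]


def deleted_text_survives(secure_delete: bool) -> bool:
    """Insert rows, delete one, and report whether its text is still in the file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "chat.sqlite")
        con = sqlite3.connect(path)
        # Set explicitly in both runs: some SQLite builds change the default.
        con.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
        con.execute("CREATE TABLE message (id INTEGER PRIMARY KEY, body TEXT)")
        with con:  # commits on exit
            con.executemany("INSERT INTO message (body) VALUES (?)",
                            [(m,) for m in MESSAGES])
        with con:
            con.execute("DELETE FROM message WHERE body = ?", (SECRET,))
        # As far as SQL is concerned, the row no longer exists.
        remaining = con.execute("SELECT count(*) FROM message WHERE body = ?",
                                (SECRET,)).fetchone()[0]
        assert remaining == 0
        con.close()
        # Scan the raw database file the way a forensic tool or backup reader would.
        with open(path, "rb") as fh:
            raw = fh.read()
    return SECRET.encode() in raw


if __name__ == "__main__":
    print("secure_delete=OFF, deleted text in file:", deleted_text_survives(False))
    print("secure_delete=ON,  deleted text in file:", deleted_text_survives(True))
```

The check covers only the main database file; journal files and blocks already released to the filesystem are outside what `secure_delete` zeroes.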