One of the most attractive features — if not the most attractive feature — of WhatsApp is its end-to-end encryption. It has become one of the most popular messaging apps available because users feel safe that no one (not even the government or law enforcement) will be able to get access to the information that is shared on the platform, whether that's messages, phone numbers, bank info, work files, photos, etc.

Or so they thought.

It turns out that the messages sent and received on WhatsApp aren't so secure after all.

A security researcher found a flaw in the iOS version of WhatsApp that reveals that, when a user deletes messages, said messages aren't really gone for good.

iOS researcher Jonathan Zdziarski studied disk images that were taken from the most recent version of WhatsApp and discovered that WhatsApp continues to keep chat logs after messages have been deleted.

"[I]t looks like the latest version of the app tested leaves forensic trace of all of your chats, even after you've deleted, cleared, or archived them ... even if you 'Clear All Chats,'" Zdziarski writes in a blog post.

In all fairness, he states that the messaging app isn't keeping deleted messages on purpose. Zdziarski reveals that this is actually a common problem for iOS apps that use SQLite, as WhatsApp does. The app deletes the record, but the record's data isn't erased from the database file. This is because the record is not overwritten until the database needs the free space for extra storage, which usually doesn't happen until more records are made to replace the old one. There's a good chance these records sit in the database for months at a time before being completely erased.
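The SQLite behavior described above can be reproduced with a throwaway database. This is an added example, not WhatsApp's code or Zdziarski's: the `messages` table and the sample text are constructed, and `PRAGMA secure_delete` and `VACUUM` are standard SQLite features that the article does not mention, shown here as the settings that overwrite or discard freed records.

```python
import os
import sqlite3
import tempfile

MARKER = b"constructed-secret-7f3a"  # constructed sample message text


def deleted_text_remains(secure_delete: bool, vacuum: bool = False) -> bool:
    """Delete one chat row, then report whether its text is still in the file."""
    fd, path = tempfile.mkstemp(suffix=".sqlite")
    os.close(fd)
    try:
        con = sqlite3.connect(path)
        # Set explicitly: some SQLite builds default secure_delete to ON.
        con.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
        con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        con.executemany(
            "INSERT INTO messages (body) VALUES (?)",
            [("hello",), (MARKER.decode(),), ("see you later",)],
        )
        con.commit()
        con.execute("DELETE FROM messages WHERE body = ?", (MARKER.decode(),))
        con.commit()
        # In every case the row is gone as far as SQL queries can tell.
        rows = con.execute("SELECT COUNT(*) FROM messages").fetchall()
        assert rows == [(2,)]
        if vacuum:
            con.execute("VACUUM")  # rebuilds the file without the freed space
        con.close()
        # Look at the raw database file the way a disk image would expose it.
        with open(path, "rb") as fh:
            return MARKER in fh.read()
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("secure_delete=OFF:", deleted_text_remains(False))
    print("secure_delete=ON: ", deleted_text_remains(True))
    print("OFF, then VACUUM: ", deleted_text_remains(False, vacuum=True))
```

With `secure_delete` off, the deleted message body is still readable in the file even though no query returns it; with it on, or after a `VACUUM`, the bytes are gone.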

As a result, the data could be recovered. This means that law enforcement could give Apple a warrant to get access to the deleted chat messages made in WhatsApp. This is mainly an iOS problem since, when a user backs up their iPhone, their WhatsApp chat database is copied to their iCloud account as part of the backup. Once it's on iCloud, the data is no longer encrypted.

Zdziarski revealed that the only way to truly delete chats in the app is to delete WhatsApp completely.

Although this might make many iOS users worry about their privacy when using WhatsApp, they don't need to freak out, but rather remain aware of this loophole.

Source: Jonathan Zdziarski
