WhatsApp is one of the most used applications in the country as well as worldwide. Developers have put in day and night to ensure the application is secured from any malware, however, a recent update may not be as safe as you think.
Researcher Johnathan Zdziarski, shared a blog titled ‘WhatsApp Forensic Artifacts: Chats Aren’t Being Deleted’. According to the iOS expert even if you clear, delete, archive, or even ”Clear All Chats’, all the information is still saved.
He also mentioned that the only way for an individual to get rid of any proof of a chat at all is to completely delete the application.
The result of this theory came as a conclusion when Zdziarski installed the application and created different threads. Afterward, he deleted some, cleared some, archived some. After doing so he made a second backup after selecting the ‘Clear All Chats’ option. All of the deleted SQLite records remained in the database.
WhatsApp is not keeping any record from their end, as their end-to-end encryption policy promotes that they are serious when it comes to privacy. However, the data itself is not being completely erased from the database leaving ‘forensic artifacts’ behind, which can be recovered.
The recovered data can be reconstructed to its original format; meaning every message, picture, recording, document, etc sent through the application can be retrieved. Not only that, anyone with a warrant can access the information without needing consent.
According to the blog, applications which use SQLite are common to leave forensic artifacts behind as the database does not vacuum iOS databases. Instead, when content is deleted, it is added to ‘free list’ instead.
However, the existing material can be overwritten upon if there is storage space required due to deletion of large chunks of data. Apple’s iMessage is one of those applications that faces the same problem. The company has struggled with encryption as iCloud backup stores everything, including private messages.
There are a couple of precautions iPhone users can take to prevent leaving content behind on WhatsApp:
- Set a strong and complex password through iTunes. Do not save the password online, else it can be recovered.
- Use Configurator for pair locking the device; be aware of the risks that come with this option
- Delete the application and then reinstall to flush the database of its material
- Disable iCloud backups
Stay tuned to Brandsynario for more updates.