Deleted WhatsApp messages can be recovered

For many users, one of the biggest draws of the messaging service WhatsApp is that it offers end-to-end encryption, guaranteeing all your messages are as secure as possible. 

However, it may not be quite so simple, as a security researcher has discovered that deleting chats from WhatsApp doesn't completely erase them from the device.

The latest version of the app to be tested leaves a forensic trace of all of chats, even after they have been deleted, cleared or archived. There is even residual evidence of their existence eve after the 'Clear All Chats' function has been selected. 

If the researcher findings are accurate, then the only way to get rid of these messages entirely appears to be to delete the whole app from the device. 

Research published by iOS forensics expert Jonathan Zdziarski on his blog revealed that instead of disappearing completely, messages remain hidden inside the app. It is not a matter of them being stored on servers by Facebook – the web giant that bought WhatsApp in 2014 – instead it is an issue of local storage on the app. 

There is no indication that messages are being retained by Facebook – the findings suggest that authorities or unscrupulous hackers could potentially discover messages the user thought they had deleted if they were able to unlock the iPhone or access an iCloud backup of the device and its WhatsApp software. 

“To test, I installed the app and started a few different threads. I then archived some, cleared, some and deleted some threads. I made a second backup after running the 'Clear All Chats' function in WhatsApp. None of these deletion or archival options made any difference in how deleted records were preserved,” Mr Zdziarski explained. 

He emphasised the fact that this does not mean users should panic about how their data is being stored – although it is useful to know that the messages do leave a footprint at the present time. 

Setting a long and complex password for the iPhone through iTunes was suggested as one way to heighten personal security – and it is important that this is not stored in the keychain. Disabling iCloud backups was another option, as these do not honour the backup password. 

“Turning off iCloud and using encrypted backups for your desktop doesn't necessarily mean you're out of the woods,” Mr Zdziarski remarked. “If you used a weak password that can be cracked by popular forensics tools… the backup could be decrypted. Other tools can be used to attack your desktop keychain, where many users store their backup password.”ADNFCR-2155-ID-801822896-ADNFCR

Written by Mazuma

Mazuma Mobile is the UK's most trusted mobile phone recycling service.

Leave a Reply

Your email address will not be published. Required fields are marked *