WhatsApp messages are not actually removed from the smartphone even if they are deleted or cleared from the device. This exposes the risk of hackers getting access to your personal data if they manage to sneak inside your device.
According to Jonathan Zdziarski, a digital forensic scientist and security expert, more than one billion transcripts of user’s chats remain active even if they are deleted by the user. Moreover, the data will not disappear even if the user clears all data from their smartphone.
If you delete the records from your WhatsApp chat timeline, they will be active in the app’s database. Hence, hackers who can access the phone might be able to recover the deleted messages. If you smartphone has been stolen, the risk of having another user accessing your private data are high.
Discovery of WhatsApp deleted messages behavior
Recently, Zdziarski discovered this phenomenon while examining his disk images using the latest release on WhatsApp on an iPhone. He noticed that when a user deletes chats, the mobile-based messenger shows the data as deleted.
However, new data of chats do not actually overwrite the deleted data track, which enables third-party users to recover the data using any reliable forensic software.
Zdziarski attributes the reason for this behavior to the use of SQLite library in WhatsApp. When law enforcement agencies request for the chat transcript from Apple, it might include deleted messages as well.
Jonathan Zdziarski discloses that iCloud backup content will not be encrypted with your backup password. This is because the password is stored on Apple servers and not on WhatsApp.
Recently, WhatsApp had implemented an encryption feature, which prohibits third-party sources from accessing your chat messages. However, for normal users, this is not much of a concern. But when law enforcement agencies place a request for the transcripts, the provided information will have deleted information.
Zdziarski points out that there is no reason to panic. However, the general public should be aware of how WhatsApp footprint in the background.
Resolution
In addition to other methods, which he mentioned on his blog, Zdziarski suggests that this problem can be eliminated by enabling PRAGMA secure_delete=ON before deleting the message. This code will automatically overwrite content on the deleted messages.
Alternatively, you can make use of raw files or encrypted CoreData to store data. Zdziarski hopes that WhatsApp will issue an update to fix the problem in future. Owned by Facebook, WhatsApp had implemented encryption technology where every message or calls are completely protected directly in the application.
The above revelation by a noted security expert raises serious concerns about the ultimate security and privacy of WhatsApp.
