It’s not unreasonable for you to expect your message history to disappear from your phone when a chat is deleted — especially given WhatsApp’s recent focus on privacy with the introduction of end-to-end encryption.
But recent reports have revealed that instead of properly deleting messages, the app retains a memory of chats that could be recovered using forensic tools by law enforcement or anyone else with access to the device.
“Sorry, folks, while experts are saying the encryption checks out in WhatsApp, it looks like the latest version of the app tested leaves forensic trace of all of your chats, even after you’ve deleted, cleared, or archived them. . . even if you Clear All Chats,” wrote iOS researcher, Jonathan Zdziarski, in a recent blog post.
“In fact, the only way to get rid of them appears to be to delete the app entirely.”
According to the post Jonathan examined disk images taken from the most recent version of the app and discovered that the software retains and stores a forensic trace of the chat logs even after a user has deleted them. This supposedly creates a forensic trace of information that can be recovered by anyone with physical access to the device.
But Jonathan is quick to explain that WhatsApp, “don’t appear to be trying to intentionally preserve data, however the record itself is not being purged or erased from the database, leaving a forensic artefact that can be recovered and reconstructed back into its original form.”
In April this year WhatsApp launched a feature called end-end encryption which prevents carriers and other intermediaries from spying on conversations as they travel across the network.
But the new findings deal with what happens to messages after they reach your phone — particularly when it’s stored on the phone’s disk drive or iCloud storage. Even though the messages are marked as deleted by the WhatsApp they have not been overwritten and therefore are still recoverable through forensic tools, explains Jonathan.
“Law enforcement can potentially issue a warrant with Apple to obtain your deleted WhatsApp logs, which may include deleted messages,” explains Jonathan. “The core issue here is that ephemeral communication is not ephemeral on disk.”
But although it does conflict with many of the privacy promises made by the company in the past, Jonathan explains that users shouldn’t been too surprised by this revelation.
Most all messaging apps leave data traces behind that can be recovered and he warns that people should be aware that their conversation data is being stored, even after deletion.
Sources: wired.co.uk, zdziarski.com, telegraph.co.uk, You.co.za