A digital forensic expert has discovered that WhatsApp does not completely erase your deleted messages on iPhone.
Examining disk images from the latest version of the app, Jonathan Zdziarski found that the app retains and stores a forensic trace of the chat logs, even if you are deleting them this creates a ‘treasure trove’ for those who are mining for data.
When you delete any data, or chat, the app marks the said information as deleted.
In most cases, the data is marked as deleted by the app itself — but because it has not been overwritten, it is still recoverable through forensic tools. Mr Zdziarski has attributed the problem to the SQLite library used in the app, which will not overwrite deleted data by default.
"Ephemeral communication is not ephemeral on disk," wrote Mr Zdziarski.
The news comes as WhatsApp pushed-out a slew of new features to users across the globe.
Zdziarski further adds that this problem is not limited to WhatsApp. The iOS researcher has criticised Apple’s iMessage for similar for leaving similar forensic traces. He notes simply keeping deleted data on a secure device is not an issue but the bigger problem is when the data comes off the device. In the case of WhatsApp, the data comes off in the form of WhatsApp Database.
Does that mean you should panic? Well Zdziarski thinks no but he definitely wants iOS users to be aware of this WhatsApp algorithm.
Is there a way to mitigate the potential threat?
1. Using a really strong iTunes password
2. Disabling iCloud backups
3. Periodically deleting application from the device and reinstalling to flush out the database.
The mobile messenger app was recently applauded for switching to default `end-to-end encryption through the Signal protocol, a process that scrambles and protects data in transit – preventing mobile carriers, governments and other intermediaries, intercepting and reading your communications.But it seems the data is still very much exposed to anyone with physical access to the device.