WhatsApp not fully deleting its deleted chats, says iOS researcher Jonathan Zdziarski

The only way to thoroughly delete chats is to 'delete the app entirely'.

Tech Talk: How Much of a Security Risk is Your Smartphone?IBTimes UK

Deleting, archiving or clearing your WhatsApp chats does not necessarily mean that they're getting thoroughly deleted, says forensic scientist and iOS security researcher Jonathan Zdziarski. WhatsApp allegedly preserves and stores a forensic trace of the chat logs, even after users have manually deleted the chats.

Zdziarski said in a blog: "To test, I installed the app and started a few different threads. I then archived some, cleared, some, and deleted some threads. I made a second backup after running the 'Clear All Chats' function in WhatsApp. None of these deletions or archival options made any difference in how deleted records were preserved. In all cases, the deleted SQLite records remained intact in the database," the Verge reported.

Zdziarski noted that though the data is marked deleted by WhatsApp, in some cases, it is not immediately overwritten and therefore, can be recovered via remote back-up and other forensic tools. He also explained that the "core issue" appears to be that "ephemeral communication is not ephemeral on disk". He claimed that Apple's iMessage also experiences a similar issue.


For those using WhatsApp on iPhone, the issue of their data privacy is even more pronounced. Zdziarski said during a backup, WhatsApp's chat database gets copied to users' iCloud backup (on desktop as well) from the iPhone. This then leaves a user's WhatsApp data open to law enforcement warrants.

WhatsApp allegedly preserves and stores a forensic trace of the chat logs, even after users have manually deleted the chats.Reuters

"Law enforcement can potentially issue a warrant with Apple to obtain your deleted WhatsApp chat logs, which may include deleted messages. None of your iCloud backup content will be encrypted with your backup password (that's on Apple, not WhatsApp)," he said.

The revelation is not necessarily likely to be a reason for panic, especially given that most other messaging apps also leave similar forensic traces. Zdziarski suggested that users can disable iCloud backups or even regularly delete and reinstall the app from their phones to clear the stored chat database. "This appears to be the only way to flush out deleted records and start fresh," he said.

IBTimes UK has reached out to his Zdziarski for further clarification and is awaiting response.

© Copyright 2018 IBTimes Co., Ltd. All Rights Reserved.