Beware! WhatsApp silently rolled out an update, allows recovery of deleted chats
WhatsApp retains and stores chat logs even after those chats have been deleted, according to a post today by iOS researcher Jonathan Zdziarski. Examining disk images taken from the most recent version of the app, Zdziarski found that the software retains and stores a forensic trace of the chat logs even after the chats have been deleted, creating a potential treasure trove of information for anyone with physical access to the device. The same data could also be recoverable through any remote backup systems in place.
In most cases, the data is marked as deleted by the app itself — but because it has not been overwritten, it is still recoverable through forensic tools. Zdziarski attributed the problem to the SQLite library used in coding the app, which does not overwrite by default.
WhatsApp was applauded by many privacy advocates for switching to default end-to-end encryption through the Signal protocol, a process that completed this April. But that system only protects data in transit, preventing carriers and other intermediaries from spying on conversations as they travel across the network.
Zdziarski’s findings deal with what happens to that data after it reaches the phone, particularly when it’s stored on the phone’s local disk drive or remote iCloud storage. WhatsApp messages are backed up by iCloud without hard encryption, so the finding means police could obtain clear records of conversations through a court order, even if the conversation had been deleted within the app.
“The core issue here is that ephemeral communication is not ephemeral on disk,” Zdziarski wrote in the post.
The research is particularly relevant given the app’s current legal struggles over encryption policy. In Brazil, WhatsApp has weathered numerous blackout orders from local courts over its refusal to turn over court ordered chat logs in an ongoing case. The company has repeatedly claimed that it cannot turn over the logs as a result of WhatsApp’s end-to-end encryption systems, and the blackout orders have been routinely overturned by higher courts.