Whatsapp Encrypted Messages Are Not Permanently Erased When Deleted in App

Back in April this year, WhatsApp announced the introduction of end to end encryption, providing greater privacy protections. However, that sense of security is being challenged by claims that deleted messages are not actually permanently removed, and could be recovered.



Jonathan Zdziarski, an  iOS researcher, discovered that forensic traces of all of a user’s chats remain even after they are deleted, cleared, or archived in the popular Whatsapp messaging app.

He explained that WhatsApp deletes the records, but they are not wiped from the database, meaning a hacker with physical access to your phone could recover and reconstruct the original messages, and these forensic traces could also be recoverable through remote backup systems.

"Forensic trace is common for any application using the SQLite database manager, because SQLite does not clear databases on iOS by default. The concern here is with how freely the WhatsApp data comes off the device" , stated Zdziarski.

Continued below..

The WhatsApp chat database gets copied over from the iPhone during a backup operation, which means it will show up in either or both iCloud and desktop backups, depending on backup preferences.

The Desktop backups can be encrypted by enabling the ‘Encrypt Backups’ option in iTunes (as seen in fig.1 below). However, iCloud backups do not honor this encryption in their cloud services, leaving the WhatsApp database subject to easier accessibility by a third party.

fig.1

 
According to Zdziarski, WhatsApp could easily resolve this issue in a number of ways through software development, and pointed out that it is possible for the SQLite database to be marked in such a way that it will not be backed up.

He also stated that "the one way to be certain your deleted messages are possibly gone forever is to delete the app entirely, along with the backup files."

WhatsApp guidelines state that deleted messages are permanently wiped from your phone and are not recoverable.

There has not been an official comment from Whatsapp regarding this issue, and their policy guidelines have not been modified.

Remember

It is always advised that people do not share highly sensitive information, such as bank details for example, over social networks, or messaging apps. Regardless of information being encrypted, there is always that risk of interception, and deciphering information by a third party.


Sources:
User beware: Deleted WhatsApp chats not gone forever, says iOS researcher
Whatsapp: How do I delete messages or chats?