WhatsApp introduced end-to-end encryption last month, and privacy advocates praised the move. However, the reality is far from what the marketing suggests.
WhatsApp recently introduced end-to-end encryption for users worldwide, and if you have updated WhatsApp on your device you may have noticed an alert stating “messages you send to this chat and calls are now secured with end-to-end encryption.” Sounds secure, right? But there is a problem.
Whenever you delete an individual or group chat from your WhatsApp window it disappears immediately, but what you may not know is that although the chat is gone from your window, it still exists on your smartphone: WhatsApp never deletes it permanently.
This was discovered by Jonathan Zdziarski, an iOS researcher, who found that WhatsApp keeps a forensic trace of the chat logs even after the user deletes them. Zdziarski also revealed that an attacker with physical access to your phone can access the stored data.
Zdziarski made his findings after examining disk images from an iPhone running the new version of WhatsApp. He noticed that the app keeps a forensic trace of the chat logs even after you have deleted them, creating a ‘treasure trove’ for anyone mining the device for data. To get at the data, however, one needs physical access to the device. He also mentioned that the data could be recovered from remote backups.
When you delete any data or chat, the app merely marks the record as deleted. The storage area it occupied is not overwritten with new data or chats, so the original content can be recovered with forensic and recovery software. Zdziarski notes that the new app is built on an SQLite library, which does not permanently erase deleted records by default.
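The behaviour described above, SQLite leaving a deleted row's bytes in place inside the database file, can be reproduced with a few lines of code. The following is an added example, not code from the article or from WhatsApp; it builds a throwaway database with a constructed message, deletes the row, and then scans the raw file bytes for the text. It also shows the two standard countermeasures an app developer has: SQLite's `secure_delete` pragma, which zeroes freed cell content, and `VACUUM`, which rewrites the file without the slack space. The table name and the message text are assumptions made for the demo.

```python
import os
import shutil
import sqlite3
import tempfile

# Constructed sample text standing in for a "deleted" chat message.
MESSAGE = "constructed-secret-message-0xC0FFEE"


def _build_and_delete(path, secure_delete):
    """Create a one-table DB, insert MESSAGE, then delete the row."""
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA journal_mode=DELETE")  # rollback journal is removed on commit
    # secure_delete is per connection; force it explicitly so the demo does not
    # depend on how the local SQLite library was compiled.
    conn.execute("PRAGMA secure_delete=%s" % ("ON" if secure_delete else "OFF"))
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("INSERT INTO messages (body) VALUES (?)", (MESSAGE,))
    conn.commit()
    conn.execute("DELETE FROM messages WHERE id = 1")  # the "delete chat" action
    conn.commit()
    conn.close()


def _residue_present(path):
    """Forensic-style check: is the message text still in the raw file bytes?"""
    with open(path, "rb") as f:
        return MESSAGE.encode() in f.read()


def deleted_message_recoverable(secure_delete=False, vacuum=False):
    """Return True if the deleted message can still be carved from the file."""
    workdir = tempfile.mkdtemp()
    try:
        path = os.path.join(workdir, "chat.sqlite")
        _build_and_delete(path, secure_delete)
        if vacuum:
            # VACUUM rebuilds the file from live rows only, dropping freed cells.
            conn = sqlite3.connect(path)
            conn.execute("VACUUM")
            conn.close()
        return _residue_present(path)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print("default SQLite   -> recoverable:", deleted_message_recoverable())
    print("secure_delete=ON -> recoverable:", deleted_message_recoverable(secure_delete=True))
    print("after VACUUM     -> recoverable:", deleted_message_recoverable(vacuum=True))
```

With default settings the deleted text is still found in the file, which is exactly what a recovery tool exploits. Note that the `VACUUM` path only cleans the database file itself; the temporary copy SQLite makes during the rewrite, and any device or cloud backups taken before the deletion, are outside its reach, which is why the article's point about remote backups still stands.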
Why is this a big deal?
For many it may not be an issue, but for some it can do a lot of harm: law enforcement agencies can obtain a warrant and ask Apple to hand over the deleted WhatsApp chat logs.
Anyone with physical access to your phone could create a backup from it unless you have enabled a fingerprint or passcode to access the device.
Anyone with physical access to your phone can copy the unencrypted data and use a brute-force tool to recover the password stored in the keychain.
What should be done from your side?
You can stop using WhatsApp, or stop sending sensitive and personal data over WhatsApp: stop sending personal pictures and video clips, and especially NEVER send threatening messages to anyone, because they can be used against you in a court of law.
We recommend going through Jonathan Zdziarski’s blog post for more technical details on this issue.