Facebook owned messaging app, WhatsApp in April launched and update where every message or call were automatically encrypted in the application. But the extent of security is now being questioned by a forensic scientist who claimed that the messages deleted on the app were not getting actually removed. Jonathan Zdziarski, a digital forensic scientist and security expert, on his blog, posted his research findings which denotes that more than 1 billion users’ chats on WhatsApp remain even after they delete or clear their data. What this means is that when the user deletes the WhatsApp records, they still stay in the app’s database and any hacker who can access the phone might be able to recover the deleted messages. Zdziarski’s discovered this fallacy while using the latest version on WhatsApp on and iPhone, examined the disk images. He found that when a user deletes chats, WhatsApp marks data as deleted. But new data of chats do not overwrite the deleted data area, which makes it recoverable using forensic softwares.
The reason why the data is not getting deleted, Zdziarski mentions, is because SQLite library is being used to code in WhatsApp. “Law enforcement can potentially issue a warrant with Apple to obtain your deleted WhatsApp chat logs, which may include deleted messages. None of your iCloud backup content will be encrypted with your backup password (that’s on Apple, not WhatsApp), ” Jonathan Zdziarski wrote in his blog. Whatsapp had introduced its encryption feature in the middle of an apparent cold war between the US government and technology businesses in the Sillicon Valley over privacy issues and laws. Therefore, for normal users its may not be a reason to worry, but the fact that law enforcement agaencies by issuing a warrent can get Apple to recover the chat logs.
As Zdziarski points out that there is no need to panic, as the issue can easily be resolved by WhatsApp through software development in a few ways. He wrote about some of the ways, in his blog. Asking the software coders of WhatsApp to be sensitive to the forensic trace, he mentions the best possible way for users, as of now, would be to delete the application completely.