WhatsApp, one of the biggest messaging platforms in the world, was lauded by privacy advocates when it implemented an end-to-end encryption system earlier this year. However, it seems that WhatsApp is not yet completely secure. According to Jonathan Zdziarski, an iOS researcher, WhatsApp keeps chat logs even if those chats were deleted by the user. It is a potential loophole that can be exploited by malicious hackers.
The Flaw in the System
Zdziarski discovered the issue on examining the disk images taken from WhatsApp. The latest version of this app was used. He found that the software stores and retains a forensic trace of each chat log even after they have been deleted by the app. This results in the creation of a database of information which can be exploited by anyone who gets physical access to that specific device. It is also possible to recover the same data by means of any remote backup systems used by the device.
Generally, the app will mark the data as deleted. However, the data does not get overwritten. As a result, forensic tools can be used for recovering the information. According to Zdziarski, the problem can be traced back to the SQLite library which is used for coding the app. This library does not overwrite data by default.
What about Encryption?
Earlier this year, WhatsApp switched over to end-to-end encryption via the Signal protocol and implemented it by default for all users. However, that encryption system can only protect the data which is moving from one user to another. As a result, network carriers and other people cannot spy on the WhatsApp conversations while traveling across the network.
The discovery by Zdziarski is all about what occurs to the data once it has reached its destination phone and gets stored in the local storage of the phone or a remote storage system like iCloud. For iCloud, the messages in WhatsApp tend to be backed up without any hard encryption. This means, it is possible for law enforcement agencies to obtain records of the conversations with the help of a court order even those conversations were deleted inside the app.
What Does It Mean For Users?
For now, there is not much for WhatsApp users to worry about. On the other hand, it does weaken many of the promises made by WhatsApp in the past with respect to its privacy.
The fact is that WhatsApp is not the only messaging app to be affected by the flaw. Rather, the majority of these apps leave behind similar kind of traces allowing the data to be recovered by means of iCloud backups. On the other hand, many apps that focus on privacy do to have it. Apple’s iMessage is one of those apps that leave traces while the Signal messaging app leaves nearly nothing behind.
This finding is particularly important considering the legal struggles currently being faced by WhatsApp due to its encryption policy. It has been blocked numerous times in Brazil by orders from local courts by refusing to turn over chat logs.