By James Walker     Jul 29, 2016 in Technology
A prominent iOS security researcher has discovered WhatsApp retains traces of your conversations even after you delete them in the app. Remnants of the messages remain on your phone, creating a "treasure trove" of data that could restore conversations.
Jonathan Zdziarski revealed the existence of WhatsApp's "forensic artifacts" in a blog post today. The discovery detracts from the company's reputation for taking security seriously. It was one of the first to push towards fully encrypted messaging and repeatedly highlights this as a key feature.
WhatsApp provides a number of in-app features to allow you to delete conversations with contacts. You can clear, archive or delete individual threads, the implication of the latter being they've gone forever. There's also a "Clear All Chats" option, which one would assume deletes everything. However, Zdziarski found that in practice none of these actions fully delete conversations.
Every time the researcher tried an action, the app left behind traces of data that could be recovered using professional tools. The conversation disappeared from the app but the records remained in its database. Anybody with physical access to the device could retrieve the conversations.
The problem isn't directly WhatsApp's fault. Instead, it’s a "feature" of the SQLite database that WhatsApp uses to store conversations on devices. By default, SQLite does not immediately overwrite deleted records on iOS.
Instead, when something is deleted, it is added to a list of "free records" to be overwritten later on. In the meantime, the data remains accessible on disk. There's no guarantee when the data will actually be overwritten. Zdziarski has seen deleted records remain in the database "for months" in other apps.
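The free-record behaviour described above can be observed with Python's built-in sqlite3 module. This is an added example, not code from the article or from Zdziarski's post; the table name, rows and marker string are constructed for illustration. It deletes one row and then searches the raw database file for its bytes with `secure_delete` off, with `secure_delete` on, and after a `VACUUM`.

```python
import os
import sqlite3
import tempfile

# Constructed sample data; MARKER stands in for sensitive message text.
MARKER = b"FORENSIC-MARKER-7f3a"
ROWS = [
    (1, "alice: running late"),
    (2, "bob: meet at " + MARKER.decode() + " tonight"),
    (3, "carol: ok"),
]


def marker_survives(secure_delete: bool, vacuum: bool = False) -> bool:
    """Delete the marked row, then report whether its bytes remain on disk."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "chat.sqlite")
        # Autocommit mode, so VACUUM never runs inside an open transaction.
        conn = sqlite3.connect(path, isolation_level=None)
        conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        conn.executemany("INSERT INTO messages VALUES (?, ?)", ROWS)
        # Set explicitly: the compiled-in default differs between SQLite builds.
        conn.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
        conn.execute("DELETE FROM messages WHERE id = 2")
        # The row is gone as far as the application can tell.
        count = conn.execute(
            "SELECT COUNT(*) FROM messages WHERE id = 2").fetchone()[0]
        assert count == 0
        if vacuum:
            conn.execute("VACUUM")  # rebuilds the file, dropping free space
        conn.close()
        # Look at the file the way a forensic tool would: as raw bytes.
        with open(path, "rb") as fh:
            return MARKER in fh.read()


if __name__ == "__main__":
    print("secure_delete=OFF:         ", marker_survives(False))
    print("secure_delete=ON:          ", marker_survives(True))
    print("secure_delete=OFF + VACUUM:", marker_survives(False, vacuum=True))
```

The check covers only the main database file; it says nothing about copies of the page held in journals, backups or unallocated flash blocks.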
To access the data, an attacker would usually need to have physical access to a device. However, because WhatsApp's database is included in unencrypted iCloud backups, your secure WhatsApp messages could be subject to law enforcement warrants.
"Simply preserving deleted data on a secure device is not usually a significant issue, but when that data comes off the device as freely as WhatsApp’s database does, it poses a rather serious risk to privacy," said Zdziarski. "Unfortunately, that’s what’s happening here and why this is something users should be aware of."
The issue weakens WhatsApp's strong approach to security. Its use of the Signal protocol to transmit messages makes it almost impossible for authorities to intercept conversations. Zdziarski confirmed "Signal leaves virtually nothing," noting that WhatsApp sends messages much more cleanly than rivals like Apple's iMessage.
However, the company "should be more sensitive" to the forensic footprint it's leaving on devices. Transmitting data using encryption isn't so effective if the conversations can be recovered months after the user deleted them.
Zdziarski called on WhatsApp to change its approach in a future update, switching to an alternative database provider or at the very least excluding its data from iCloud backups.
"The design choices [software authors] make when developing a secure messaging app has critical implications for journalists, political dissenters, those in countries that don’t respect free speech and many others," the researcher said. "A poor design choice could quite realistically result in innocent people - sometimes people crucial to liberty - being imprisoned."
To properly resolve the issue, the creators of SQLite should look to address how the iOS version of the library handles data deletions. The current method appears to have been implemented to save wear on the database and increase performance, at the expense of not actually deleting potentially sensitive data.
