iOS researcher finds WhatsApp leaves traces of conversations behind

Posted by:
Date: Friday, July 29th, 2016, 16:05
Category: iOS, News, privacy, security, Software


Well, at least the world of tech security isn’t boring.

Upon examining disk images taken from the most recent version of the app, iOS researcher Jonathan Zdiarski discovered that the software retains and stores a forensic trace of the chat logs even after the chats have been deleted, creating a potential treasure trove of information for anyone with physical access to the device. The same data could also be recoverable through any remote backup systems in place.

In most cases, the data is marked as deleted by the app itself — but because it has not been overwritten, it is still recoverable through forensic tools. Zdziarski attributed the problem to the SQLite library used in coding the app, which does not overwrite by default.

WhatsApp has been lauded by many privacy advocates for using default end-to-end encryption through the Signal protocol, a process that completed this April. But that system only protects data in transit, preventing carriers and other intermediaries from spying on conversations as they travel across the network.

The findings show what happens to the data after it reaches the device, especially when the data has been stored on a local drive or remote iCloud storage. The backups are backed up by iCloud without using hard encryption. This process currently allows police and law enforcement agencies to obtain clear records of conversations through a court order, even if the conversation had been deleted within the app.

“The core issue here is that ephemeral communication is not ephemeral on disk,” Zdziarski wrote in the post.

The findings help cloud some of the privacy promises made by WhatsApp. In fact, the majority of messages does leave similar traces behind that can be recovered via iCloud backups.

Stay tuned for additional details as they become available.

Via The Verge and Jonathan Zdziarski’s Blog

Recent Posts