Beware! WhatsApp silently rolled out an update, allows recovery of deleted chats
WhatsApp does not delete your messages when you delete it, but just marks it as deleted.
You are definitely using WhatsApp for most of your communication. And since WhatsApp started End-to-End encryption on all messages on its platform, you are sure that your sensitive and private messages are not being tapped. However, there is one thing you should know for sure, and you will be surprised.
Whenever you clear a message, or a batch of messages on WhatsApp, be it an individual chat or a group, they disappear from your screen, But you should know that the messages that are not seen on your screen, are actually still present on the smartphone and are not permanently deleted.
A recent finding from an iOS researcher Jonathan Zdziarski reveals that WhatsApp retains all your messages that you have been deleting. Zdziarski’s findings open up the fact after he scrutinized the disk images from an iPhone with the new version of the WhatsApp. He found that the app retains and stores a forensic trace of the chat logs, even if you are deleting them this creates a ‘treasure trove’ for those who are mining for data. However, in order to get the required data, one needs physical access to the device. He also mentioned that the data could also be recovered from remote backups.
When you delete any data, or chat, the app marks the said information as deleted. However, this data area is not overwritten by new data or chats, which can be recovered by forensic and recovery software. Zdziarski mentions that a new SQLite library is being used to code the new app, which does not delete the data permanently.
Previously, WhatsApp’s End-to-End encryption was praised by many privacy advocates. However, this encryption is only applied when data is being transmitted, preventing carriers and other intermediaries from intercepting on your conversations while the data is travelling over the network. But the findings from Zdziarski deals with what happens when the data reaches the phone, stored on the device and on the cloud as a backup. He claims that cloud backups are not encrypted and the intermediaries can obtain clear records of the conversations by simply applying for a court order.
‘Apple’s iMessage has this problem and it’s just as bad, if not worse. Your SMS.db is stored in an iCloud backup, but copies of it also exist on your iPad, your desktop, and anywhere else you receive iMessages. Deleted content also suffers the same fate,’ said Zdziarski on his blog post.
Should you be worried
Well, not really; unless you are transmitting sensitive messages. However, you should be aware of how WhatsApp works.
What does this whole issue mean
Law enforcement agencies can issue a warrant with Apple to obtain your deleted WhatsApp chat logs. These would also include your deleted messages.
Anyone with physical access to your iPhone could create a backup of your data. Unless the device’s access is needs a fingerprint, passcode.
Anyone with physical access to your computer could also get a copy of this data from an existing, unencrypted backup. He could decrypt it using password breaking tools, or recover the password from your keychain.