Security Flaw in WhatsApp and Messages
This year WhatsApp followed the lead of Messages in adopting end-to-end encryption for its text messages. But a renowned security researcher, Jonathan Zdziarski, found that both WhatsApp and Messages still have a major security flaw. This is related to a message storage fault that allows deleted messages to be recovered easily. The text messages can be recovered either from an iCloud backup or from within the iPhone itself.
In the past few years, WhatsApp has managed to iron out some of the bugs. However, there is plenty of third-party software on the market that can help you track the WhatsApp messages of others. While this may be good for couples looking to check for cheating and infidelity-related issues and for parents wanting to ensure that their kids are safe, this is one feature that can work both ways.
Zdziarski explains
Zdziarski explains that even after you have cleared chats, archived messages, and completely flushed your system of them, the messages can easily be recovered. He also adds that the only sure way of removing this data is by deleting the app itself.
He had this to say about the live build of WhatsApp as of now:
“The latest version of the app tested leaves a forensic trace of all of your chats, even after you’ve deleted, cleared, or archived them… even if you ‘Clear All Chats.’ In fact, the only way to get rid of them appears to be to delete the app entirely.”
Zdziarski says that data was left behind no matter what deletion method was used (archiving, clearing or deleting threads), and he implied that the same flaw is present in Apple’s Messages.
SQLite
“Forensic trace is common among any application that uses SQLite because SQLite by default does not vacuum databases on iOS (likely in an effort to prevent wear). When a record is deleted, it is simply added to a “free list”, but free records do not get overwritten until later on when the database needs the extra storage (usually after many more records are created) […]
In other apps, I’ve often seen artifacts remain in the database for months […]. Apple’s Messages has this problem and it’s just as bad, if not worse. Your SMS.db is stored in an iCloud backup, but copies of it also exist on your iPad, your desktop, and anywhere else you receive Messages. Deleted content also suffers the same fate.”
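The free-list behaviour described in the quote above can be reproduced with Python's built-in sqlite3 module. This is an added example, not code from Zdziarski or the original article; the table name, file name and message text are constructed. It also shows the two standard SQLite remedies, PRAGMA secure_delete and VACUUM, next to the default behaviour.

```python
import sqlite3
import tempfile
from pathlib import Path

# Constructed sample message; not taken from any real chat database.
MARKER = "constructed-sample: meet at pier 39 at 19:00"


def deleted_text_survives(secure_delete: bool, vacuum: bool) -> bool:
    """Insert rows, delete one, and report whether the deleted text is
    still present in the raw bytes of the database file."""
    with tempfile.TemporaryDirectory() as tmp:
        db_path = Path(tmp) / "chat.db"  # hypothetical file name
        # isolation_level=None gives autocommit, which VACUUM requires.
        con = sqlite3.connect(db_path, isolation_level=None)
        con.execute("PRAGMA journal_mode=DELETE")
        # Some SQLite builds turn secure_delete on at compile time, so the
        # setting is made explicit in both directions.
        mode = "ON" if secure_delete else "OFF"
        con.execute(f"PRAGMA secure_delete={mode}")
        con.execute("CREATE TABLE message (id INTEGER PRIMARY KEY, body TEXT)")
        con.executemany(
            "INSERT INTO message (body) VALUES (?)",
            [("hello",), (MARKER,), ("see you later",)],
        )
        con.execute("DELETE FROM message WHERE body = ?", (MARKER,))
        # Application-level view: the row can no longer be queried.
        remaining = con.execute(
            "SELECT count(*) FROM message WHERE body = ?", (MARKER,)
        ).fetchone()[0]
        assert remaining == 0
        if vacuum:
            con.execute("VACUUM")  # rebuilds the file without free space
        con.close()
        # File-level view: search the raw bytes for the deleted text.
        return MARKER.encode() in db_path.read_bytes()


if __name__ == "__main__":
    print("plain DELETE        :", deleted_text_survives(False, False))
    print("secure_delete = ON  :", deleted_text_survives(True, False))
    print("DELETE then VACUUM  :", deleted_text_survives(False, True))
```
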
iCloud backups
Apple iCloud backups are encrypted but do not yet use the more discreet end-to-end encryption. In layman’s terms, they can be decrypted by Apple. This is something the company has indicated that it plans to change.