You think a long tap and pressing that Delete option is all it takes to erase a message from the database of WhatsApp?
Oops! You are wrong!
An iOS engineer named Jonathan Zdziarski has proved it’s the other way. Means, the delete button is not the final word to erasing WhatsApp messages.
WhatsApp has rolled out a massive change with an update in April to prevent third-party intervention to have a sneak peek at the chat. They have established end-to-end encryption to make their tagline (privacy and security is in our DNAs) to appear strong.
But Zdziarski’s blog post has revealed that one can retrieve the messages with the help of a backup utility and he has explained how he did so.
When you delete a message, it is true that you can’t find it anywhere on the app. But from the backup files, you can have it by digging to the codes as the SQLite database keeps the same deep down among the codes.
Recently, WhatsApp was in the news after a court in Brazil banned it for not allowing to have a look at the logs of messages users send. Though the higher court has removed the order, this great revelation has become a dark mark on the security policy of WhatsApp.
He has used the app on an iPhone in which iCloud is the option to take backups. Obviously, it stores WhatsApp details within the backup too.
You can read the rest in his own words.
“To test, I installed the app and started a few different threads. I then archived some, cleared, some, and deleted some threads. I made a second backup after running the “Clear All Chats” function in WhatsApp. None of these deletion or archival options made any difference in how deleted records were preserved. In all cases, the deleted SQLite records remained intact in the database.”
And, he further adds that the safest solution here is to delete the app only.
The issue becomes even worst that iCloud has not a hard encryption. So, the law enforcements can check your messages when they want to, as they are equipped with the tools to bypass the password of your backup service. And, they will not have to struggle with the end-to-end encryption of WhatsApp.
He is suggesting an effective method to prevent the leakage of your messages. Which is
“Use iTunes to set a long, complex backup password for your phone. Do NOT store this password in the keychain, otherwise it could potentially be recovered using Mac forensics tools. This will cause the phone to encrypt all desktop backups coming out of it, even if it’s talking to a forensics tool.”
The problem is not with WhatsApp only. The same can be experienced with some other messaging apps as well including iMessage. The messages are stored in messages.db file in the iCloud backup.
But it protrudes given the fact that WhatsApp boasts a lot about the preference they give to users’ security.
I hope they will roll out an update soon with the solution