WhatsApp allows users to back up their messages on local storage as well as cloud storage. This is the best way of keeping a record of your messages, just in case you feel like doing so, even when you change to a new device or even format the current one.
Whenever you remove a WhatsApp application on your phone and attempt to re-install it, the app will ask to restore previous messages from your backup, whether it is stored locally or in the cloud. However, not all messages are backed up, because users will usually delete some of the messages they feel aren’t worth keeping on their phones.
While this is meant to completely get rid of the messages from the user’s device as well as WhatsApp servers, apparently, the deleted messages only leave the former and not the latter. This is according to a new research report that has been published by Jonathan Zdziarski, a digital forensics and security expert. This is to mean that the more than 1 billion people that currently use WhatsApp and have probably tried deleting all their chats by hitting the “Clear all chats” option didn’t actually delete the messages as they intended to.
WhatsApp has successfully been blocked on several occasions, especially in Brazil, with law enforcers demanding the app developers to aid in giving out some information regarding chats made by suspects in ongoing cases. According to the app developers, the existence of end-to-end encryption means that nobody, including them, can come between any chat being held by two people or groups of people via the app. This shows that the company has somehow succeeded in keeping out third party hackers in accessing information, but the latest discovery showcases another major loophole in the app.
Even if you proceed with clearing all chats on the app, forensic traces of the messages are left behind. The story is also the same for messages that are archived or deleted. According to Zdziarski, the only sure way of ensuring these messages are completely eliminated is by deleting the entire app from your phone.
Apparently, this is not happening because WhatsApp developers want it so, it is because the record does not get erased from the database, leaving behind traces that can be put back together to come up with the original thing.
What it means for regular WhatsApp users
If you are among the more than 1 billion people that use WhatsApp, there are quite a few things you should know. For starters, this vulnerability means that your deleted messages can still be retrieved from the servers of the app if need there be.
Another implication is that anyone with physical access to your phone can easily come up with a backup of messages right from the encrypted data. Furthermore, the report says that anyone who can access your PC can also copy the data from an encrypted backup or even decrypt it with the help of complex software.