WhatsApp Chats Are Not Being Deleted: Researcher Finds Security Flaw

Facebook is nothing more than a medium for communication, and yet, it is so much more than that. Nowadays, People believed that they are on trend if they have an account on Facebook, wherein they can easily and freely communicate to their friends. At a glance, a user can learn everything from what gender a Facebook member is, to what religion they believe in, what school they attend, and their likes and dislikes, all with the click of a mouse. Communications have been so much fun using the Facebook. But the security researcher Jonathan Zdziarski, recently found that the Facebook-owned mobile messaging stores chat logs, even after users have deleted them. According to him, the problem is the the SQLite library used in the app, which does not overwrite by default. Although the record of the chat is deleted, Zdziarski, who looked at disk images, found that the message leaves a forensic trace of the logs which could be used to recover it in its original form. He confirmed that the messages that users have been deleted is left on mobile devices. In fact, Richard Stiennon, Chief strategy of Blancco technology Group confirmed this issue that the data was left behind no matter what deletion method was used including, archiving, clearing or deleting threads. “Simply deleting, clearing or archiving chat logs is not enough to remove the forensic trace that is left on mobile devices. Most consumers are still unaware of the difference between deleting and destroying data. The only way to ensure data is unrecoverable is by overwriting it with 0s and 1s multiple times. Then, users should insist on some form of verification that proves their data is truly gone for good to protect sensitive information from falling into the wrong hands,” Richard Stiennon said. Zdziarski confirmed that there's still have a security flaw that can allow deleted messages to be recovered – either from the device, or remotely from iCloud backups. Furthermore, he pointed out that although a number of messaging apps have a similar problem, Signal does not. “The way to measure ‘better’ in this case is by the level of forensics trace an application leaves. Signal leaves virtually nothing, so there’s nothing to worry about,” he wrote. As for those WhatsApp chats you thought you’d cleared? “In fact, the only way to get rid of them appears to be to delete the app entirely,” Zdziarski wrote. This shocking information confirms that iCloud backups are encrypted, but do not yet employ end-to-end encryption – so can be decrypted by Apple. This is something the company has indicated that it plans to change.