WhatsApp doesn't properly delete 'deleted' chats
A security researcher is warning WhatsApp users that their chats can be retrieved even after they have been deleted, cleared, or archived. Jonathan Zdziarski says that even using the 'Clear All Chats' option leaves behind a 'forensic trace'.
He warns that the only way to be certain that your chat history is deleted, is to get rid of the app entirely. The problem appears to stem from WhatsApp's use of SQLite which fails to overwrite deleted data by default, rendering it recoverable.
As with deleted files on a hard drive, the SQLite database is simply updated to show that the space previously occupied by the 'deleted' data is available for use by other data. While WhatsApp has been singled out for attention, Zdziarski says that its actually quite a common problem:
Forensic trace is common among any application that uses SQLite, because SQLite by default does not vacuum databases on iOS (likely in an effort to prevent wear). When a record is deleted, it is simply added to a "free list", but free records do not get overwritten until later on when the database needs the extra storage (usually after many more records are created). If you delete large chunks of messages at once, this causes large chunks of records to end up on this "free list", and ultimately takes even longer for data to be overwritten by new data. There is no guarantee the data will be overwritten by the next set of messages. In other apps, I’ve often seen artifacts remain in the database for months.
The remnants of data that are left behind could be recovered using a remote backup too, or by anyone who has physical access to a device with the app installed. Asked if the discovery was a reason to panic, Zdziarski says: "LOL, no. But you should be aware of WhatsApp's footprint".
Photo Credit: kraphix/Shutterstock