WhatsApp Josh Valcarcel

If you use an iOS device, parts of WhatsApp conversations you assumed had been deleted may actually still be stored on your phone, a security researcher has revealed.

In a blog post, Jonathan Zdziarski, who specialises in Apple's operating system, says a "forensic trace" of all chats is left on the device even when the chats have been "deleted, cleared, or archived".


Even though data is marked as deleted, Zdziarski found it is still recoverable using so-called forensic tools because it has not been overwritten on a device. And these deleted chat logs may include deleted messages, the researcher said.

"Simply preserving deleted data on a secure device is not usually a significant issue, but when that data comes off the device as freely as WhatsApp's database does, it poses a rather serious risk to privacy," Zdziarski wrote in his blog post.

Read next Tuesday briefing: WhatsApp founder leaves Facebook over encryption and privacy concerns Tuesday briefing: WhatsApp founder leaves Facebook over encryption and privacy concerns

As part of his research, Zdziarski analysed SQLite records stored on a test phone's database once WhatsApp conversations had been deleted or archived. The library does not automatically overwrite data files so they do not get deleted.

As first reported by The Verge, the findings relate to data when it has been received on a phone.


WhatsApp

The WhatsApp database gets copied from an iPhone when it is backed-up and will show in an iCloud backup – iCloud data, while being encrypted does not offer the same level of protection as the end-to-end encryption used by WhatsApp.

The iCloud back-ups mentioned are independent to those WhatsApp creates itself.

The information can't be accessed by WhatsApp, or any third party. Instead, Zdziarski explained it is stored locally on someone's device and the only way to get rid of it is to completely delete the app. However, he continued: "Law enforcement can potentially issue a warrant with Apple to obtain your deleted WhatsApp chat logs, which may include deleted messages."

WIRED has reached out to WhatsApp for comment on the issue.


In April, WhatsApp became the biggest end-to-end encrypted messaging app in the world. It turned on the security feature, using standards developed by Open Whisper Systems, for all of its one billion users to help protect users' messages.

The system makes it impossible for WhatsApp or other parties to read the content of messages sent. Accessing encrypted messages was at the heart of Apple and the FBI's public battle over the San Bernardio terrorist's iPhone.

But Zdziarski says people shouldn't panic. Other messaging apps leave data traces behind that can be recovered and the researcher points to iMessage as another example where this happens, and the researcher simply says people should be aware of the conversation data being kept.