While we have tremendous respect for the developers and researchers who routinely burn the midnight oil to find and fix vulnerabilities in mobile applications, the recent discovery only highlights the challenges they continue to face at a time when encryption-defeating technologies are getting stronger by the day.
Researcher Zdziarski's discovery shows that your WhatsApp chat logs remain on your phone long after you delete them. He tested this by first creating a few chat threads on his device and then deleting them one by one. To his surprise, he later found that the deleted, archived and cleared chats could still be accessed in their entirety. On further investigation, he found that when you delete a chat thread in WhatsApp, the app removes the records, but their content stays behind as a 'forensic trace' in the database.
Zdziarski added that WhatsApp chat history is often backed up to cloud storage and can be accessed from other devices signed in to the same cloud account. So even if you delete a certain chat thread in the WhatsApp app on your iPhone, you will still be able to view the 'deleted' thread on your Mac or iPad through the iCloud backup.
"The WhatsApp chat database gets copied over from the iPhone during a backup, which means it will show up in your iCloud backup and in a desktop backup. Fortunately, desktop backups can be encrypted by enabling the “Encrypt Backups” option in iTunes. Unfortunately, iCloud backups do not honor this encryption, leaving your WhatsApp database subject to law enforcement warrants," he said in his blog post.
So if you're selling any of your devices to someone else, make sure you have signed out of your cloud account and deleted all the apps, so that the buyer cannot access your private information. As per Zdziarski, iCloud does not encrypt WhatsApp's backup data, and to access it one only has to break into your iCloud account using password-breaking tools.
The ramifications of such a vulnerability are that law enforcement agencies can get hold of your deleted and archived chats if they believe you're on to something. At the same time, anyone who has possession of your phone for any period of time can create a backup of it and then either read the chats or sell them on.
Zdziarski suggests that you can prevent backed-up WhatsApp data from being accessed by third parties by setting a long, hard-to-break backup password in iTunes. You should also avoid saving this password in Keychain, which Mac forensic tools can break. This way, all your backup data will stay encrypted no matter which app it comes from. Zdziarski has also suggested a number of other measures to protect your WhatsApp data, which you can read here.