Gone but not forgotten: What happens to deleted WhatsApp messages

Out of sight does not mean out of mind, according to a security researcher

A security researcher has found that messaging application, WhatsApp, stores a "forensic trace" of all messages sent within it on Apple devices. This is regardless of whether the user has deleted, cleared of archived the chats. 

The researcher, named Jonathan Zdziarski, found that it is possible to use that trace to reconstruct the message into its original form. 

"Simply preserving deleted data on a secure device is not usually a significant issue, but when that data comes off the device as freely as WhatsApp's database does, it poses rather a serious risk to privacy," said Zdziarski. 

This discovery comes just months after WhatsApp introduced full end-to-end encryption on all messages sent by consumers using the latest version of the software.

"Law enforcement can potentially issue a warrant with Apple to obtain your deleted WhatsApp logs, which may include deleted messages," explained Zdziarski. "The core issue here is that ephemeral communication is not ephemeral on disk." 

If a user wishes to delete all information stored by WhatsApp they must remove the app from the device entirely. Zdziarski is now urging software developers to consider this forensic trace when designing new products. 

"The design choices they make when developing a secure messaging app has critical implications for journalists, political dissenters, those in countries that don't respect free speech, and many others. A poor design choice could result in innocent people - sometimes people crucial to liberty - being imprisoned."