The messaging platform WhatsApp on iOS doesn’t delete your chats even after you clear them from you chat log, leaving a forensic trace of the chats behind that can be retrieved using programming tools. According to research carried out by Jonathan Zdziarski, this forensic backup is left behind even if you select the option to ‘clear all chats’, and apparently the only way to get rid of the data is by deleting the app entirely.  

b’Representational image/ Source: Reuters’

Examining disk images taken from the most recent version of the app, Zdziarski found that the software retains and stores a forensic trace of the chat logs even after the chats have been deleted. This would mean that anyone with physical access to the device or with access to the data backed up remotely can retrieve the chat data.

However, Zdziarski claims that WhatsApp doesn’t do it intentionally, and in fact, the app marks the data as deleted.

However, due to loopholes in the programming used, the data doesn’t gets completely purged from the storage, leaving behind a forensic artifact that can be restructured to form the data again. 

According to his research, the problem is common to almost all apps that use SQLite, a database management system, because SQLite doesn’t vacuum delete data on iOS space, and does not, by default, overwrite the deleted data. As a result, a footprint is left behind in the memory. The messaging service on iOS, iMessage, has the same problem.

But What does this mean?

And what about the 256-bit encryption WhatsApp recently released?

While WhatsApp recently released the 256-bit encryption code on the app, which means that no third-party, including the company itself, can decode messages being sent through the app, the footprint left behind by WhatsApp in iOS storage would mean that security agencies can issue a warrant to Apple inc., forcing them to release this data.  

b’WhatsApp had recently released a 256-bit encryption’

The 256-bit encryption simply protects the data while in transit, but it can be accessed on the sender and the receiver devices. This means that anyone having physical access to the device on which WhatsApp is being used or to the data remotely stored can access the trace and restructure all the messages ever sent or received, even if the user believes that they don’t exist anymore. 

Why is the research relevant?

WhatsApp has often been in conflict with many governments with regard to releasing of private chat data. While the older encryption systems, such as the 40-bit system could be decoded easily by security agencies, the new system renders it impossible to access the data without having physical access to the device. In March this year, Facebook head of Brazil, Diego Dzodan was arrested because he refused to provide security agencies with data related to a drug trafficking case. the company claimed that due to the new encryption system, it wasn’t possible for it to access that data.

b’Screenshot of WhatsApp screen displaying encryption message’

In India too, debates about the legality of WhatsApp were launched following the release of the new encryption system. Many critics voiced their concerns with the app posing a threat to national security, and appeals were filed against in the courts. However, the app continues to be legal in India in absence of any law prohibiting such encryption. 

Read the original post here.