The marketing strategy for WhatsApp was to offer people what they need in this digital era: a fast way to communicate, even between different countries, while keeping their conversations private through encryption. Everyone was excited about the update in which the app was basically telling us: “Hey. You can talk about whatever you want. We promise you there’s no way we’re going to look through your conversations.”
But recent discoveries from Jonathan Zdziarski, a digital forensics and security expert, suggest WhatsApp may keep some information out of the public eye.
The expert presented his findings on his blog, describing how deleting a conversation in this app leaves a forensic trace of all the messages you had in that chat. He tried different options within the app, like clearing more than one conversation or even hitting the “Clear All Chats” button, only to find the same thing: your chat is still there, even if you don’t realize it. He then goes on to say that the best way to ensure your conversations are actually deleted is to delete the app itself.
Here’s a quote from his blog: “the record itself is not being purged or erased from the database, leaving a forensic artifact that can be recovered and reconstructed back into its original form.”
Jonathan Zdziarski does say that the app developers may not be doing this intentionally, and it might just be something that they didn’t think would happen. However, the encrypted data still exists on your phone, and with physical access to your phone, some hackers can download all of that data from your device and reconstruct it later. If you’re worried about the phone being hacked without physical access to the device, the expert says it’s not possible for a person to download this data that way.
Furthermore, the police can get a warrant for your smartphone and download even the deleted chat logs that you thought were gone forever. Zdziarski goes thoroughly through ways that WhatsApp developers could deal with this issue, but the team itself hasn’t responded to the expert’s blog post and request for comment.
Here’s what the forensics expert has to say about this issue: “Software authors should be sensitive to forensic trace in their coding. The design choices they make when developing a secure messaging app has critical implications for journalists, political dissenters, those in countries that don’t respect free speech, and many others. A poor design choice could quite realistically result in innocent people — sometimes people crucial to liberty — being imprisoned.”
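The quoted point that a deleted record “is not being purged or erased from the database” can be checked on the developer side. The sketch below is an added example, not code from Zdziarski’s post or from WhatsApp; it assumes a SQLite store (the article says only “the database”), and the table name, file name and message text are constructed for the test.

```python
import os
import sqlite3
import tempfile

# Constructed test string, not real message data.
MARKER = b"constructed-sample-message-7f3a"


def residue_after_delete(secure_delete: bool) -> bool:
    """Delete a chat row, then report whether its text is still in the raw file."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "chat.sqlite")  # hypothetical store name
        con = sqlite3.connect(path)
        # Set explicitly: some SQLite builds enable secure_delete at compile time.
        con.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
        con.execute(
            "CREATE TABLE messages (id INTEGER PRIMARY KEY, chat TEXT, body TEXT)"
        )
        con.executemany(
            "INSERT INTO messages (chat, body) VALUES (?, ?)",
            [("alice", "hello"), ("bob", MARKER.decode()), ("alice", "see you")],
        )
        con.commit()
        # What a "delete chat" action amounts to at the SQL level.
        con.execute("DELETE FROM messages WHERE chat = ?", ("bob",))
        con.commit()
        visible = con.execute(
            "SELECT COUNT(*) FROM messages WHERE chat = 'bob'"
        ).fetchone()[0]
        con.close()
        assert visible == 0  # no query can see the row any more
        # Inspect the file the way a disk image would expose it.
        with open(path, "rb") as fh:
            raw = fh.read()
    return MARKER in raw


if __name__ == "__main__":
    print("secure_delete OFF, text left in file:", residue_after_delete(False))
    print("secure_delete ON,  text left in file:", residue_after_delete(True))
```

`PRAGMA secure_delete` overwrites freed content inside the database file only; copies in journal or write-ahead-log files and in device backups need separate handling.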