Messages that users delete from WhatsApp are not permanently deleted, which means that they can be retrieved and accessed by unauthorized persons.
In order to be considered secure, any chat application must fight on two fronts. On the one hand, it must ensure the security of the transfer of messages by encryption. On the other hand, care must be taken to ensure that the data stored on the phone cannot be accessed by unauthorized persons who gain temporary control of the device.
WhatsApp receives the highest rating for secure transfer between users. As of April, the app automatically encrypts transferred messages. On the local security side, however, the Facebook application does not perform as well.
READ ALSO Apple has reached one billion iPhones soldJonathan Zdziarski, a specialist in iOS security, has discovered that the messages that WhatsApp users delete are not, in fact, completely deleted. Thus, they could be recovered.
Experienced PC users are aware that deleted files can be recovered because the hard drive holds that information until the area where it was stored is occupied (overwritten) with other information.
This is the case with WhatsApp messages that users delete. According to Zdziarski, the SQLite library, used by WhatsApp for local message storage, is to blame for this. It does not overwrite the information, which keeps the data needed to recover deleted messages from memory.
READ ALSO Android smartphones will alert users when they receive an unwanted callAs a result, messages that users believe are deleted may be retrieved by a person who takes possession of the phone and goes through the lockscreen. Also, in the event of an elaborate attack, they could be recovered by attackers from a distance.
The biggest problem is that, in addition to a few security-focused applications, such as Signal, most messengers available for mobile devices suffer from the same problem to a greater or lesser extent.
According to Zdziarski, iMessage, Apple's application leaves a lot of information based on which deleted messages can be recovered. At the other end of the spectrum is the Signal application, which leaves no trace.
The Signal chat application, like the encryption protocol of the same name, is developed by Open Whysper System, a company appreciated by the highest security experts. Edward Snowden himself praised Signal Messenger for its level of security, and Facebook paid to use the Signal encryption protocol in WhatsApp.
READ ALSO Edward Snowden works on an iPhone case that warns when communications are being listened toAnother security breach for iOS messengers is syncing with iCloud, Apple's online storage service for iPhone and iPad users. Most apps, including WhatsApp, offer the option to save data to Apple servers by syncing with iCloud.
However, data transfer to Apple servers is not encrypted in most cases. For example, WhatsApp does not use the same powerful encryption protocol that iCloud uses to transfer messages between users.
Therefore, those concerned about privacy are advised to disable iCloud syncing, at least until Facebook decides to use the Signal protocol for these transfers as well.