WhatsApp messages are not actually deleted

When you delete your WhatsApp messages, they are not completely deleted: WhatsApp still keeps chat logs of those deleted messages.

Jonathan Zdziarski, an iOS researcher, found this when examining disk images of a recent version of WhatsApp: the app always keeps a forensic trace of chat logs, even when the user has deleted the actual messages. This creates a security risk for users, because anyone who gains physical access to their phones can still find the logs.

Since the data is only marked as deleted when the user deletes the messages, the chat logs still reside in memory, and forensic tools can be used to recover them. Additionally, Zdziarski reported that the cause of this behavior is the SQLite library in the WhatsApp app, which does not overwrite deleted records.
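
The behavior described above can be reproduced with any SQLite database. The following Python example is added here and is not code from WhatsApp or from Zdziarski's analysis; the table layout and the message text are constructed for illustration. It deletes a row, then reads the raw database file and checks whether the deleted text is still present, once with SQLite's secure_delete setting off (the stock default) and once with it on.

```python
import os
import sqlite3
import tempfile

# Constructed sample data; the table layout is an assumption, not WhatsApp's schema.
SECRET = b"meet me at the usual place at 9pm"
MESSAGES = ["hello", SECRET.decode(), "see you tomorrow"]


def deleted_text_survives(secure_delete: bool) -> bool:
    """Insert messages, delete one, and report whether its bytes remain in the file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "chat.sqlite")
        # isolation_level=None gives autocommit, so each statement is committed at once.
        con = sqlite3.connect(path, isolation_level=None)
        # OFF is SQLite's stock default: a deleted row's space is only marked free.
        # ON makes SQLite overwrite the freed bytes with zeros.
        con.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
        con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        con.executemany("INSERT INTO messages (body) VALUES (?)",
                        [(m,) for m in MESSAGES])
        con.execute("DELETE FROM messages WHERE body = ?", (SECRET.decode(),))
        # The application can no longer see the row ...
        visible = [row[0] for row in con.execute("SELECT body FROM messages")]
        assert SECRET.decode() not in visible
        con.close()
        # ... but a raw read of the file, as a forensic tool would do, may still find it.
        with open(path, "rb") as fh:
            return SECRET in fh.read()


if __name__ == "__main__":
    print("default (secure_delete=OFF):", deleted_text_survives(False))
    print("hardened (secure_delete=ON):", deleted_text_survives(True))
```

With secure_delete off, the deleted message is gone from query results but still readable in the file; with it on, the freed bytes are zeroed at delete time.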

WhatsApp recently added a new feature called end-to-end encryption to ensure the privacy of its users. That prevents your carrier or any unauthorized party from tracing the data.

However, once the data has been transmitted securely over the network with end-to-end encryption and reaches the device, it is stored in the device's storage (local storage or iCloud).

On iOS, WhatsApp messages are backed up to iCloud, and on Android the job is done using Google Drive, without any encryption applied. These backups can be obtained by anyone with forensic tools, such as the police.


Should you be worried?

Well, that depends on your usage. You should not be sending any sensitive messages. After all, it is good to know how the app actually works.


The news obviously breaks the company’s promises about user privacy. In fact, most messaging apps have similar security holes, leaving users’ data vulnerable. According to Zdziarski, even Apple’s own iMessage leaves a lot of forensic traces.


Law enforcement agencies can ask Apple to get their hands on your WhatsApp backups, and recover your deleted messages from them.

Not just that, anyone who can access your device physically can also get that data, so it would be a wise move to use a good password or enable fingerprint lock.