Operational WhatsApp (on iOS)

Secure* Messaging for Everyone**

thaddeus t. grugq
Apr 15, 2016 · 4 min read

Recently WhatsApp completed their rollout of the end-to-end encrypted Signal Protocol (previously known as Axolotl). This is great news because now there is an easy-to-use secure messaging app used by millions of people. While WhatsApp provides strong end-to-end encryption for data in motion, the app itself has a number of issues that prevent it from being the ultimate secure messenger.

This guide will reference issues raised in my previous posts about Telegram and Signal; please read those for additional information. I provide some recommendations on how to harden WhatsApp's defaults, but there are limits to what can be done with the facilities provided.

The Good, The Bad and The Ugly

  • The app is very easy to use.

  • WhatsApp aggressively tries to force the user to store their plaintext chat logs on iCloud.

Update: originally I stated there was no encryption for BlackBerry users. I was wrong; however, BlackBerry users may have to force an update to the latest version.

What Is To Be Done?

Although the transport-level security of WhatsApp is extremely high, the app's default settings must be tweaked to ensure more private messaging. In some cases there is not sufficient granularity, and in others the functionality is missing entirely, which prevents hardening the app properly.

To reduce risk and increase privacy when using WhatsApp, configure the following settings:

Settings >> Account >> Privacy

  • Last Seen: My Contacts

Settings >> Account >> Security

  • Show Security Notifications: ON

Settings >> Chats

  • Save Incoming Media: OFF

Settings >> Notifications

  • Show Preview: OFF (unfortunately, this still displays the sender’s name)

Settings >> Profile

  • The name entered here is what is displayed in the recipient's notifications. Feel free to change it to a generic value, e.g. "Friend".

These settings are a reasonable middle ground for reducing the amount of data that the app creates locally, and minimizing what is exposed as clear text on iCloud.

Problems remain. It is not possible to automatically delete old messages after an expiry date. It is not possible to configure notifications to hide potentially sensitive data. The Chat Backup feature regularly nags the user to enable it; one wrong tap during app startup could be a fatal error.

iCloud Backstabbing Backups

Update: iCloud backups must be disabled separately for the WhatsApp application. This is done from the main Settings application on iOS:

Settings > iCloud > Storage > Manage Storage > This iPhone > Show All

  • WhatsApp: OFF (Turn Off & Delete)

Keeping it Fresh and Clean

It is important to have a procedure to follow when conducting a sensitive discussion. Part of that procedure must include destruction of the logs, wherever possible, to minimize the risk of future discovery by malicious parties.

  1. After completing a conversation, or at regular intervals, old messages should be deleted

This will remove the local traces of the conversation, to the extent possible. There will still be metadata available at the ISP and on WhatsApp’s servers. There may be additional forensic artifacts left over on the device. However, accessing that data requires a level of investigative effort above merely opening the app and looking at who the user has been chatting with.

Update: forensic analysis of a WhatsApp message log demonstrates that deleting a thread does not provide sufficient security. Until Facebook addresses this issue, the only workaround may be to use very short conversations and delete them frequently. This may minimize the amount of data in the SQLite free pages and increase the chance of sensitive data being overwritten. Or maybe not.
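To make the SQLite free-page problem concrete, here is an added example of my own (not code from the post, and not WhatsApp's code or schema). It builds a toy `messages` table with constructed sample text, deletes two rows the way a client would when a thread is cleared, and then scans the raw database file for the deleted text, with and without SQLite's `secure_delete` pragma. The table layout, the sample messages and the file name are assumptions for illustration only:

```python
import os
import sqlite3
import tempfile

# Constructed sample chat bodies for the demo; nothing here is real data.
SAMPLE_MESSAGES = [
    "meet at the usual place 0900",
    "bring the documents",
    "grocery list: eggs, milk",
]


def populate(path):
    """Create a toy chat database (hypothetical schema, not WhatsApp's) with three rows."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany(
        "INSERT INTO messages (body) VALUES (?)", [(m,) for m in SAMPLE_MESSAGES]
    )
    conn.commit()
    conn.close()


def delete_thread(path, secure_delete):
    """Delete two rows, with or without SQLite overwriting the freed cell space."""
    conn = sqlite3.connect(path)
    # secure_delete is per-connection and is normally OFF; set it explicitly so the
    # outcome does not depend on how the local SQLite library was compiled.
    conn.execute("PRAGMA secure_delete = " + ("ON" if secure_delete else "OFF"))
    # Keep the third row so the page is not emptied; the deleted cells become free space.
    conn.execute("DELETE FROM messages WHERE id < 3")
    conn.commit()
    conn.close()


def residue(path, needles):
    """Scan the raw file bytes, as a strings-style forensic pass would, for each needle."""
    with open(path, "rb") as f:
        raw = f.read()
    return [n for n in needles if n.encode("utf-8") in raw]


def demo(secure_delete):
    """Return the deleted message bodies that still survive in the database file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "chat.sqlite")
        populate(path)
        delete_thread(path, secure_delete)
        return residue(path, SAMPLE_MESSAGES[:2])


if __name__ == "__main__":
    print("plain DELETE leaves:", demo(secure_delete=False))
    print("secure_delete=ON leaves:", demo(secure_delete=True))
```

With `secure_delete` off, the two deleted bodies are still sitting in freed cell space and a byte scan of the file finds them; with it on, SQLite zeroes the freed bytes as it goes. `VACUUM` rebuilds the file and drops free pages entirely, but neither option guarantees that the old blocks on flash storage are gone, which is why keeping conversations short is at best a partial mitigation and why this needs fixing in the app rather than by the user.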

Fantasy Features List

The most important points that need to be addressed are the excessive message logging, the lack of automatic message deletion, and the dependence on a mobile phone number (and thus the Address Book).

Messenger apps should allow the user to configure the messages to expire after a set time period. They should allow the user to use a custom identifier, rather than a phone number, and allow users to add contacts manually. They should not log granular message counts, unless they allow the user to disable that functionality. Notifications should be configurable to provide the user with a generic notification without exposing any data.

The Bottom Line

WhatsApp's adoption of a strong encrypted protocol is a significant improvement in secure messaging, but problems remain. Although the data is well protected on the wire, there is still significant metadata leakage, and there are real privacy issues related to using the app.

WhatsApp is a great replacement for iMessage, but it is not the final word in secure messaging.
