Oppressive regimes like China and Bahrain have no issue with WhatsApp and that tells you the whole story

WhatsApp encryption is more myth that reality

WhatsApp recently introduced end-to-end encryption for users worldwide and now you see“messages you send to this chat and calls are now secured with end-to-end encryption.” Sound secure right? But there is a problem.

Whenever you delete any type of message it does disappear immediately but what you don’t know is that although the chat is supposedly gone from your window it still exists on your smartphone and WhatsApp never deletes that copy permanently.

This was discovered by an iOS researcher, who found that WhatsApp keeps a forensic trace of the chat logs after deletion and if an attacker has physical access to your phone, the stored data can be accessed.

When you delete any data or chat, the app marks the said information as deleted. However, this data area is not overwritten by new data or chats, which can be recovered by forensic and recovery software. Maybe this is why the app is allowed in China but more secure apps like Telegram are banned. iMessage is not banned because it does not allow you to broadcast like other apps.

For many it may not be an issue however for some it can do a lot of harm as law enforcement agencies can get a warrant and ask Apple to hand over the deleted WhatsApp chat logs.

Anyone with physical access to your phone could create a backup with it unless you have enabled fingerprint or passcode to access the device.

Anyone having physical access to your phone can steal the unencrypted data and use brute force tool to get hold of the password stored in the keychain.

Not very likely at all, unless you think you will be sharing data that other want. To ensure all your data is deleted, make sure you restore your phone (not from a backup) and erase it again several times before selling it.

What do you need to think about or do?

You can stop using WhatsApp or stop sending sensitive and personal data on WhatsApp — You should stop sending personal pictures and video clips and especially NEVER send threatening messages to anyone or it can be used against you in the court of law.

The Secure One

Handpicked cybersecurity, privacy, consulting, and professionalism articles for those who want to be in the know. Also home to inspiring stories in productivity, professional lessons and self improvement. All opinions are my own and not endorsed (yet)!

Munish Pruthi

Written by

I am corporate monkey with a specialism in all things technovision, cyber security, innovation and gadgets.

The Secure One

Handpicked cybersecurity, privacy, consulting, and professionalism articles for those who want to be in the know. Also home to inspiring stories in productivity, professional lessons and self improvement. All opinions are my own and not endorsed (yet)!