Jonathan Zdziarski wrote about an implementation challenge for the security conscious among us. While Whatsapp does delete the message when you tell it to, it leaves artifacts behind. Whatsapp and other phone apps use the SQLLite database. SQLLite, likely to reduce wear in your phone’s memory, doesn’t actually delete the message, but rather just marks it deleted. If you create more new messages after you delete old ones, the old messages may be overwritten in the database, but then again, may not – at the whim of how the database works.
Worse yet, on an iPhone, that database is backed up to the cloud, which as we all know, Apple will turn over to law enforcement if asked.
The question for me then became – but I thought there were doing end to end encryption. Well the answer APPEARS to be, kind of, sort of. It is end to end meaning that from the sender to the recipient it is encrypted, but it appears that locally, it is not stored encrypted. This means that anyone who has access to your phone or your iCloud backup may be able to read your messages, deleted or not.
Maybe you want to use iMessage instead. Turns out it has the same problem. The iMessage database is copied to the cloud and to your PC if you back up your phone to your PC and even if you encrypt it, if you use a weak password, that can be easily cracked with tools available to hackers and others.
Curiously, according to Jonathan, Signal, the free chat and call app designed by famed hacker Moxie Marlinspike and others leaves almost no forensic traces behind. This is due to design choices they made.
What can you do?
If you use iTunes backup, use a long, complex password and do not store password in the keychain or PC, otherwise it could be recovered using forensics tools.
Disable backups with iCloud as it does not honor your backup password – nice huh?
Really, the only effective way is to periodically uninstall the app as this will delete the database. Then you can reinstall it. Sounds like a bit of a pain.
Alternatively, you can use Signal. It works just as well and leaves almost no artifacts.
BUT – and it is a big butt – both sender and recipient have to use Signal in order for it to do its magic. Signal will send a regular SMS message if the person at the other end is not a Signal user and won’t tell you that it is not secure. Those are not encrypted.
For the developers in the crowd, Jonathan does suggest several ways for developers to fix this problem in their app – it really isn’t hard, just requires some advance planning.
Just some food for thought.
Information for this post came from Jonathan Zdziarski’s blog.