WhatsApp isn’t actually deleting the messages you send to the archive, according to a security researcher.
On Apple devices the app stores a “forensic trace” of all chats, be them “deleted, cleared, or archived”, Jonathan Zdziarski found. This means that instead of disappearing from the device as you’d expect, a trace of the chat remains in the phone. And that trace could be reconstructed into its “original form” by someone with access to the device.
It would be reasonable for WhatsApp users to expect message history to disappear from a phone when a conversation is deleted, especially given WhatsApp’s focus on privacy and security: the app recently introduced end-to-end encryption.
But instead of properly deleting messages, the app retains a memory of chats that could be recovered using forensic tools by law enforcement or anyone else with access to the device.
“Simply preserving deleted data on a secure device is not usually a significant issue, but when that data comes off the device as freely as WhatsApp’s database does, it poses rather a serious risk to privacy,” said Zdziarski.
On your iPhone or iPad, WhatsApp’s data is stored in an unencrypted form. Although the messaging service now uses end-to-end encryption, that only applies to data that is travelling between devices so that messages can’t be intercepted and read.
That data, including the traces of deleted conversations, is automatically backed up to iCloud, whether or not iCloud sync is enabled, which is also not encrypted and could therefore be read by a third party.
This means anyone with access to the physical device or a computer associated with the device can access the messages, especially if the user doesn’t have a password protecting their backups.