
WhatsApp isn’t fully deleting its 'deleted' chats - doctorshady
http://www.theverge.com/2016/7/28/12319610/whatsapp-forensic-security-deleted-chats-encryption
======
newscracker
Though I don't trust FB (and its entities) on privacy, I'll assume that the
WhatsApp security team was aware of this and was planning to get to it after
the end-to-end encryption was completed (recently). It's possible they were
(or are) working on this.

The original blog post by Jonathan Zdziarski [1] linked in this article is a
lot more informative and provides some pointers to handle this better as a
user, and should be read by anyone interested in this topic or thread. The
main cause here seems to be a simple use of SQLite without considering how
marking data as deleted isn't enough (of course, that's never enough on any
storage system that doesn't use encryption).

Quote from the blog post [1]:

"Forensic trace is common among any application that uses SQLite, because
SQLite by default does not vacuum databases on iOS (likely in an effort to
prevent wear). ... There is no guarantee the data will be overwritten by the
next set of messages. In other apps, I’ve often seen artifacts remain in the
database for months."

Quote from the article on The Verge:

'The majority of messaging apps leave similar traces, recoverable through
iCloud backups, although a number of privacy-focused apps do not. "iMessage
leaves a lot [of forensic traces]," Zdziarski said, reached by The Verge.
"Signal leaves virtually none."'

It's good that Signal has handled this well, which would be expected
considering the basic premise/foundation of Signal and the strong emphasis it
places on encryption and security. The "virtually none" part seems to leave a
gap for doubt to creep in. I'm not sure if that's something anyone should
worry about (especially the people who depend on privacy to avoid danger
every day).

[1]: http://www.zdziarski.com/blog/?p=6143
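
The SQLite behaviour discussed in the comment above, as an added example that is not part of the thread or of the linked blog post: it deletes one row and then searches the raw database file for its text, once with plain deletion, once with SQLite's `PRAGMA secure_delete`, and once followed by `VACUUM`. The table name, column names and message text are constructed for illustration.

```python
import os
import sqlite3
import tempfile

# Constructed sample message; the table and column names are hypothetical.
MARKER = "meet at the north gate at 0600"


def residue_after_delete(secure_delete=False, vacuum=False):
    """Delete one chat row; return (rows still visible via SQL, text still in file)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "chat.sqlite")
        # isolation_level=None gives autocommit, which VACUUM requires.
        conn = sqlite3.connect(path, isolation_level=None)
        # Set explicitly: some SQLite builds compile secure_delete on by default.
        conn.execute("PRAGMA secure_delete = " + ("ON" if secure_delete else "OFF"))
        conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        conn.executemany(
            "INSERT INTO messages (body) VALUES (?)",
            [("hello",), (MARKER,), ("see you then",)],
        )
        conn.execute("DELETE FROM messages WHERE body = ?", (MARKER,))
        if vacuum:
            conn.execute("VACUUM")  # rebuilds the file, dropping freed space
        # In every mode the row is gone as far as SQL queries can tell.
        visible = conn.execute(
            "SELECT COUNT(*) FROM messages WHERE body = ?", (MARKER,)
        ).fetchone()[0]
        conn.close()
        with open(path, "rb") as fh:
            raw = fh.read()  # the bytes a backup or disk image would capture
    return visible, MARKER.encode("utf-8") in raw


if __name__ == "__main__":
    cases = [
        ("plain DELETE", {}),
        ("secure_delete=ON", {"secure_delete": True}),
        ("DELETE + VACUUM", {"vacuum": True}),
    ]
    for label, kwargs in cases:
        visible, on_disk = residue_after_delete(**kwargs)
        print(f"{label:18} rows visible: {visible}  text still in file: {on_disk}")
```
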

