
WhatsApp Forensic Artifacts: Chats Aren’t Being Deleted - uptown
http://www.zdziarski.com/blog/?p=6143
======
spdustin
To be fair (and to summarize for those who come to comments first), this isn't
exclusively a WhatsApp issue. Yes, architectural decisions could be made to
secure on-device data, and they should have, but they're not alone in not
doing so.

WhatsApp, like many iOS and Android apps, uses SQLite as their datastore. When
a row is deleted from SQLite, the pages used by that row aren't deleted from
the physical storage medium. Many databases behave this way; zeroing out
physical blocks would be cost prohibitive, and may cause solid state storage
to fail prematurely due to the "digital wear" of flipping bits too many times.

So... WhatsApp deletes rows from tables in a SQLite database... which may have
an iCloud backup... which is not nearly as secure as the database on the
device. This is true for most of the apps that we all run on our phones.

~~~
newman314
I think it would be fair to have apps advertised as secure messengers be more
aggressive about how they handle data given the intended use as long as people
understand the tradeoff.

I'm willing to trade off wear for security.

Also, a reason why I do not use iCloud in it's current incarnation.

------
newman314
This isn't surprising.

I put in scripts to vacuum SQLite databases on the Palm Pre phones back when I
was still using them.

This is also relevant to OS X where the list of downloaded files need to be
cleared out.

See
[http://hints.macworld.com/article.php?story=2012071702530516...](http://hints.macworld.com/article.php?story=20120717025305161)

------
acd
In the past the Whatapp SQLlite databas was clear text readable.

You could use a iphone backup tool that mount the file system and just read
out the chat records.

