WhatsApp and iMessage may be examples of end-to-end encryption in action, but there are still potential security flaws which can leave your data exposed.
iOS researcher Jonathan Zdziarski has found that neither messaging service completely removes messages when a user erases them, meaning that a person with physical access to your phone, or to backups of its data in the cloud, may be able to retrieve “deleted” conversations.
According to Zdziarski, the issue relates to the SQLite library used to build the apps. As he writes:
“Forensic trace is common among any application that uses SQLite, because SQLite by default does not vacuum databases on iOS (likely in an effort to prevent wear). When a record is deleted, it is simply added to a ‘free list’, but free records do not get overwritten until later on when the database needs the extra storage (usually after many more records are created). If you delete large chunks of messages at once, this causes large chunks of records to end up on this ‘free list’, and ultimately takes even longer for data to be overwritten by new data.”
Because extracting this data isn’t too straightforward, there’s no reason to be too concerned, but Zdziarski all the same suggests configuring a strong backup password for your iPhone using iTunes, and not storing it in Keychain.
It’s also possible to disable iCloud backups, and you can protect against deleted WhatsApp chats being extracted by deleting the app every so often and then reinstalling it, which erases old chat logs.
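The free-list behaviour Zdziarski describes can be reproduced with any SQLite database. The Python example below is added here and is not code from the article or from either app; the table layout, the message text and the `measure` helper are constructed for illustration. It deletes every message, counts how many message bodies are still readable in the raw file, and compares the default with SQLite's `secure_delete` pragma and `VACUUM` command, which app developers can use to clear the trace.

```python
import os
import sqlite3
import tempfile
from typing import NamedTuple

MARKER = b"constructed-chat-body"  # constructed sample text, not real data


class Trace(NamedTuple):
    residual: int        # deleted message bodies still present in the file
    freelist_pages: int  # pages parked on SQLite's free list
    file_size: int       # size of the database file in bytes


def measure(secure_delete: bool, vacuum: bool) -> Trace:
    """Create a chat table, delete every message, then inspect the raw file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "chat.db")
        con = sqlite3.connect(path)
        # Assumption: auto_vacuum is off, matching the default the quote describes.
        con.execute("PRAGMA auto_vacuum = NONE")
        con.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
        con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        rows = [(f"{MARKER.decode()}-{i:04d}",) for i in range(500)]
        con.executemany("INSERT INTO messages (body) VALUES (?)", rows)
        con.commit()

        con.execute("DELETE FROM messages")  # the user "erases" the conversation
        con.commit()
        if vacuum:
            con.execute("VACUUM")  # rebuilds the file and drops free pages
        freelist = con.execute("PRAGMA freelist_count").fetchone()[0]
        con.close()

        # Read the file as raw bytes, bypassing SQL, and look for message text.
        with open(path, "rb") as fh:
            raw = fh.read()
    return Trace(raw.count(MARKER), freelist, len(raw))


if __name__ == "__main__":
    for label, args in [("default delete", (False, False)),
                        ("secure_delete=ON", (True, False)),
                        ("delete + VACUUM", (False, True))]:
        print(f"{label:18} {measure(*args)}")
```

With `secure_delete` the freed pages stay on the free list but are overwritten with zeros; `VACUUM` rewrites the file without them, so it also shrinks.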