WhatsApp: a Security Researcher uncovers flaws in the “end-to-end” encryption system

A shocking announcement is causing great concern among WhatsApp users. According to a security expert, the famous “end-to-end” encryption system that was added to WhatsApp earlier this year is not so secure; in fact, he was able to find a breach in the system. In case you don’t remember (or didn’t pay attention), “end-to-end” encryption is a security feature that should guarantee that private messages exchanged among WhatsApp users are safe. So, what happened?

Last Thursday, July 28, Jonathan Zdziarski (a digital security expert) published an article in which he states that WhatsApp’s “Clear All Chats” feature does not really delete users’ messages. This is what he wrote: “The latest version of the app tested leaves forensic trace of all of your chats, even after you’ve deleted, cleared, or archived them… even if you ‘Clear All Chats’ … In fact, the only way to get rid of them appears to be to delete the app entirely.”

Zdziarski explains at length on his blog what he discovered, giving details of the procedure he used. Basically, he used an iPhone to start several conversations with his account and then deleted, archived and cleared some of them. Once he finished came the astounding revelation: the messages that he had previously cleared still appeared in the SQLite relational database. What does that mean? That the messages were not deleted.
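Why a cleared message can still be found in a SQLite file, as an added example (not code from Zdziarski's article or from WhatsApp): unless `secure_delete` is enabled, SQLite marks a deleted record's space as free without overwriting it, so the bytes stay in the file until they are reused or the file is rebuilt with `VACUUM`. The table and column names and the message text are constructed for illustration and are not WhatsApp's schema.

```python
import os
import sqlite3
import tempfile

# Constructed sample data; table and column names are hypothetical,
# not WhatsApp's real schema.
MARKER = b"meet-at-the-usual-place-7731"


def leftover_after_clear(secure_delete: bool, vacuum: bool = False) -> bool:
    """Return True if a cleared message is still present in the raw database file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "chat.sqlite")
        conn = sqlite3.connect(path, isolation_level=None)  # autocommit mode
        # Set explicitly: upstream SQLite defaults to OFF, some builds enable it.
        conn.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
        conn.execute(
            "CREATE TABLE messages (id INTEGER PRIMARY KEY, chat TEXT, body TEXT)"
        )
        conn.executemany(
            "INSERT INTO messages (chat, body) VALUES (?, ?)",
            [
                ("alice", MARKER.decode()),
                ("alice", "ok, see you then"),
                ("bob", "kept message"),
            ],
        )
        # "Clear chat": delete every row of one conversation at the SQL level.
        conn.execute("DELETE FROM messages WHERE chat = ?", ("alice",))
        visible = conn.execute(
            "SELECT COUNT(*) FROM messages WHERE chat = 'alice'"
        ).fetchone()[0]
        if visible != 0:
            raise RuntimeError("rows should no longer be visible to the application")
        if vacuum:
            conn.execute("VACUUM")  # rebuild the file, dropping freed space
        conn.close()
        # Forensic view: scan the raw file bytes instead of querying the table.
        with open(path, "rb") as fh:
            return MARKER in fh.read()


if __name__ == "__main__":
    print("secure_delete OFF:", leftover_after_clear(False))
    print("secure_delete ON: ", leftover_after_clear(True))
    print("OFF, then VACUUM: ", leftover_after_clear(False, vacuum=True))
```

The check reads only the main database file; rollback-journal remnants and copies already captured in a backup are outside what it measures.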

According to Zdziarski, this is what happens: every time an iPhone user makes a backup to iCloud and to a desktop computer, the chat database gets copied as well. What is the risk? First of all, that a hacker could create a backup of the chat information and access private messages. For the moment, the only solution Zdziarski was able to find for deleting WhatsApp chat messages is basically to uninstall the application from your devices.

What if you really need to use WhatsApp? Nowadays this popular instant messaging app is used not only to get in touch with your loved ones, but often for work as well. Zdziarski suggests using iTunes and choosing a complex backup password or, alternatively, locking your smartphone using a tool called Configurator.

What will happen to WhatsApp now? Needless to say, everybody is now wondering how this latest revelation will affect the future of this Facebook-owned app, which is now the most successful app in the world, with over 1 billion monthly active users.