A digital forensics expert has discovered that WhatsApp does not fully remove chats when they are deleted on an iPhone. Although hidden to the user, the chat remains inside the app, and because of the way iPhone backups work, it could mean data falling into the hands of third parties.

Jonathan Zdziarski posted his discovery on his blog Thursday. WhatsApp’s database marks deleted chats as “free,” so when the app needs database space it can overwrite the removed conversations. That means if a lot of chats have been deleted, there will be a large backlog of “free” chats that may take ages to be overwritten by new chats. The only way a user can make sure these chats are deleted is by deleting WhatsApp altogether.
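The mechanism described above, as an added example that is not from the article or from WhatsApp: it assumes the chat store is an SQLite database (the article only says “database”) and uses a constructed message to show that a deleted row’s text survives in the file until the freed space is reused, and that SQLite’s secure_delete pragma or a VACUUM clears it.

```python
import os
import sqlite3
import tempfile

# Constructed sample text; chosen so it will not appear in the file by chance.
SAMPLE_MESSAGE = "constructed-secret-message-7f3a"


def leaves_residue(secure_delete: bool = False, vacuum: bool = False) -> bool:
    """Insert two chat rows, delete one, and report whether its plaintext
    is still present in the raw bytes of the database file.

    secure_delete: set PRAGMA secure_delete so freed cells are zeroed.
    vacuum:        run VACUUM after the delete so the file is rebuilt.
    """
    fd, path = tempfile.mkstemp(suffix=".sqlite")
    os.close(fd)
    try:
        conn = sqlite3.connect(path)
        # Set the pragma explicitly either way so the result does not depend
        # on the SQLite build's compile-time default.
        conn.execute("PRAGMA secure_delete = %s" % ("ON" if secure_delete else "OFF"))
        conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        conn.execute("INSERT INTO messages (body) VALUES (?)", (SAMPLE_MESSAGE,))
        conn.execute("INSERT INTO messages (body) VALUES (?)", ("hello",))
        conn.commit()
        # Delete one row by key: the cell is only marked as free space on its page.
        conn.execute("DELETE FROM messages WHERE body = ?", (SAMPLE_MESSAGE,))
        conn.commit()
        if vacuum:
            conn.execute("VACUUM")  # rebuilds the file from live rows only
        conn.close()
        with open(path, "rb") as f:
            return SAMPLE_MESSAGE.encode() in f.read()
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("default delete leaves residue:", leaves_residue())
    print("secure_delete leaves residue: ", leaves_residue(secure_delete=True))
    print("vacuum leaves residue:        ", leaves_residue(vacuum=True))
```

The first call returns True because the deleted row’s bytes are only marked free; the other two return False, which is what a storage-side fix of the kind Zdziarski describes would need to achieve.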

“The design choices they [software developers] make when developing a secure messaging app has critical implications for journalists, political dissenters, those in countries that don’t respect free speech, and many others,” Zdziarski said. “A poor design choice could quite realistically result in innocent people – sometimes people crucial to liberty – being imprisoned.”

It’s a serious blow for a messaging service that has doubled down on privacy efforts. In April, WhatsApp switched on its end-to-end encryption feature, and instantly became the world’s largest encrypted messaging system. WhatsApp doesn’t encrypt everything, though: the service states in its privacy policy that it may retain some time stamp information, along with “any other information which WhatsApp is legally compelled to collect.”

Whatsapp CEO Jan Koum arrives for a Keynote conference as part of the first day of the Mobile World Congress 2014 at the Fira Gran Via complex on February 24, 2014 in Barcelona, Spain.

“Simply preserving deleted data on a secure device is not usually a significant issue, but when that data comes off the device as freely as WhatsApp’s database does, it poses a rather serious risk to privacy,” Zdziarski said. “Unfortunately, that’s what’s happening here and why this is something users should be aware of.”

WhatsApp application data gets copied when the iPhone is backed up. If it’s backed up to a computer using iTunes, there’s an “encrypt backup” option in device settings, so it’s not as much of a problem (assuming you use a long password that’s not stored anywhere).

The bigger issue is if you’re using iCloud backup. These are encrypted, but Apple has the key to decrypt them, leaving them open to law enforcement requests. An Apple lawyer told a House committee in April that the company was exploring iCloud encryption that could solve this issue, but for now it remains a risk.

It seems that the only way to actually delete these chats is to delete the app. Zdziarski recommends deleting the app every now and then, disabling iCloud backups and encrypting iTunes backups with a strong password. On WhatsApp’s side, the developers could fix this with a software update that uses a different chat storage method, or simply mark the database as something the iPhone should not back up.

Photos via Getty Images / David Ramos, Getty Images / Justin Sullivan