News

WhatsApp does not delete files sent to iPhone users

Information security specialist Shitesh Sachan told The Hacker News about a problem he recently discovered in the WhatsApp messenger: it does not delete files sent to iPhone users.

The problem is very similar to a bug that researcher Dhiraj Mishra recently discovered on Telegram.

So, Sachan noticed that even if a WhatsApp user deletes a file that was accidentally sent to someone using the “Delete for Everyone” function, this does not work for iPhone users, and the multimedia files still remain on the device. Although the application at the same time assures that the message was successfully deleted.

‘’Delete for Everyone’ feature is intended to unsend mistakenly sent inappropriate messages—including text, photos and videos—from the recipient’s phone, or from the phones of all members of a group. Well, we’ve all been there, but what’s more unfortunate is that the ‘Delete for Everyone’ feature WhatsApp introduced two years ago contains an unpatched privacy bug, leaving its users with false sense of privacy”, — report in The Hacker News.

Shitesh Sachan
Shitesh Sachan

In the case of WhatsApp, the function is only available for 1 hour, 8 minutes and 16 seconds after sending the message you want to delete, which is good and fair. However, the fact is that any multimedia files received through WhatsApp are saved by default to Camera Roll on iPhone or Android Media Gallery, if it comes to Android. Although this can be changed in the settings, few people care about this, and this is precisely the root of the problem.

Read also: Bug in iOS 13 allows bypassing the lock screen and open the address book

So, when using the “Delete at all” function, files saved in Camera Roll iPhone are not deleted, while a similar action on an Android device will also delete files from the gallery too.

Though if Telegram developers recently made efforts to eliminate almost the same vulnerability in their messenger and paid a fee to the researcher for it, then WhatsApp developers answered Sachan that they did not see the problem:

“The opportunities provided by the Delete at all function are designed to delete messages, but there is no guarantee that media files (or messages) will be permanently deleted; Our implementation focuses on the presence of the message directly on WhatsApp”, – representatives of the messenger said.

There is another point of view: Apple policies do not allow applications to make any changes to files stored in the user’s Camera Roll without his consent. However, in this case, WhatsApp should not falsely advertise the “Delete for all” option for users, unless their recipients manually change the settings so as not to save attachments in the external storage of the device.
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button