‘Delete for Everyone’ On WhatsApp Doesn't Really Work On iPhones, Researcher Said

No software is free from bugs. No matter how good the developers are, no matter the platform, there can be bugs lurking waiting to be found.

This time, researcher Shitesh Sachan discovered a flaw on the Facebook-owned WhatsApp. The popular chat app for iOS cannot really delete media files once the app's ‘s ‘Delete for Everyone’ feature is used. The feature designed to let users delete texts and files after being sent, could still leave traces inside recipients' iPhones.

In other words, media files sent to iPhone users who have enabled the 'Save to Camera Roll' setting, will have the files remain on the device.

Sachan said that although WhatsApp really do attempt to remove the files, but the bug happens to actually make the files invisible to WhatsApp, despite still being present.

Fortunately for Android users, this bug isn't present on their devices, as the 'Delete for Everyone' feature works like it should. Once used, media files told to be deleted, will be removed on both the chat app and the recipient's photo gallery.

But for iPhone users, they are unfortunate due to the discrepancy of how things work between Android handsets and iPhones.

Sachan contacted WhatsApp about the flaw, and in response, the company's spokesperson suggested that the feature offers no guarantee that media files will be properly purged from devices’ storage.

"The functionality provided via ‘Delete for Everyone’ is intended to delete the message and there is no guarantee that the media (or message) will be permanently deleted —the implementation focuses around the message presence in WhatsApp," explained the spokesperson to the researcher, as reported by The Hacker News.

Suggesting that WhatsApp disagreed with the researcher, the spokesperson continued by saying that: "This feature is working properly, and using the 'delete for everyone' feature in time will result in media being removed from the WhatsApp chat thread."

"We provide simple options to help iPhone users manage the media they receive from friends and family, per the best practices established by operating systems. If a user chooses to save images to their camera roll they are stored out of reach of WhatsApp's 'delete for everyone feature."

iPhone settings

While WhatsApp didn't really consider this a security risk, the difference in behavior between WhatsApp on Android and iOS could put users into some privacy issues.

For example, Android users that are already accustomed to the app’s functionality might not know that the recipients of their messages could still have the accidentally-sent file stored locally on their devices.

Millions of people rely on chat apps, and the delete for everyone feature can save them from the awkwardness when mistakenly sending messages/pictures/videos to the wrong person. As the name indicates, the 'Delete for Everyone' feature can also unsend inappropriate messages from the recipient's phone, or from the phones of all members of a group chat.

This feature is supposed to do that, and is certainly a lifesaver.

But with this particular WhatsApp flaw (incapability) for iOS, it shows how vulnerable users really are when it comes to becoming dependent on technology to share sensitive information.

Previously, a similar thing happened to the privacy-focused Telegram. The chat app by Pavel Durov was found to improperly remove files on recipients' phones after the 'unsend' feature is used.

Security researcher Dhiraj Mishra who discovered the flaw, submitted the issue to Telegram security team via email, and the company quickly pushed a fix on version 5.11, published on September 5th.

Published: 
19/09/2019