When WhatsApp rolled out ‘Delete for Everyone’ it was considered a life saver for users who accidentally send a message to a wrong contact or wrong group. According to Shitesh Sachan, an application security consultant has found a privacy issue that shows not everything is deleted.
Originally reported by The Hacker News, WhatsApp by default automatically saves all images/videos you receive via WhatsApp to your iPhone’s Camera Roll or Android’s Media Gallery, Apple policies don’t allow the apps to make any changes to files saved on the users’ Camera Roll without their consent.
Even though this feature can be turned OFF from the app’s settings very few people either knows or care about it. Sachan reported this issue to WhatsApp, the company refused to address the issue or extend the feature, saying:
“The functionality provided via “Delete for Everyone” is intended to delete the message and there is no guarantee that the media (or message) will be permanently deleted—the implementation focuses around the message presence in WhatsApp.”
Earlier this week, a similar privacy flaw was disclosed in the “Delete for Everyone” feature of the Telegram messenger, which the company patched immediately to keep the feature useful in situations for which it has primarily been designed.
WhatsApp only allows users to delete for everyone within 1 hour, 8 minutes, and 16 seconds of sending a message you want to delete, which is a rather good time frame but not allowing users to delete images is a major concern.
WhatsApp argues that ‘delete for everyone’ feature in time will result in media being removed from the WhatsApp chat thread, and because they offer “simple” options to help iPhone users manage the media then they are happy that this is not a bug. This is just another security blunder by the Facebook owned company who care less about user privacy and more about locking customers into their ever-growing platform. Personally this seems to be another reason to dump WhatsApp and use services such as Telegram or Signal.