WhatsApp ‘Delete for Everyone’ feature potentially puts user privacy at risk

WhatsApp’s “Delete for Everyone” feature, meant to allow people to delete files they accidentally sent, works differently on iPhones than it does on Android phones, a researcher has warned. This discrepancy could place senders’ privacy at risk by leaving some media files undeleted on recipients’ iPhones.

WhatsApp has a vast install base of 1.5 billion users in over 180 countries. Most WhatsApp customers use the service daily, including for group chats with friends, family members or co-workers. Such a popular service is subject to scrutiny from privacy activists and cybersecurity researchers.

Most recently, researcher Shitesh Sachan has raised a red flag regarding WhatsApp’s functionality – specifically, a discrepancy surrounding the “Delete for Everyone” feature on iPhones (iOS) and Android devices. According to Sachan, the feature doesn’t delete media files sent to iPhones of users who have the “Save to Camera Roll” setting on. While the message containing the deleted file does disappear for everyone in the group chat, regardless of platform, if any iPhones in the group chat have “Save to Camera Roll” set to On, the files stay with the recipients.

On Android, WhatsApp behaves differently even with the identical configuration. If a user accidentally sends a file to a group, by deleting it for everyone, the actual file saved to the Android recipient’s photo gallery is deleted as well.

The difference in behavior between the two platforms could put users at risk. For example, Android users accustomed to the app’s standard functionality might not know that their iPhone counterparts could still have the accidentally-sent file stored locally on their devices.

The WhatsApp folks disagree with the researcher in that this is a privacy / security issue.

As reported by The Hacker News, when Sachan reported the issue to the company, a spokesperson allegedly replied:

“The functionality provided via ‘Delete for Everyone’ is intended to delete the message and there is no guarantee that the media (or message) will be permanently deleted—the implementation focuses around the message presence in WhatsApp.”

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Filip Truta. Read the original post at:

Cloud Workload Resilience PulseMeter

Step 1 of 8

How do you define cloud resiliency for cloud workloads? (Select 3)(Required)