DecryptedTech

Saturday03 December 2022

New Apps Allow Retrieval of Deleted Message for Users of WhatsApp on Android


Reading time is around minutes.

WhatsApp is one of a group of relatively secure messaging services available to both iPhone and Android users. WhatsApp states that it supports full end-to-end encryption, secure deletion of messages (by the sender and receiver) as well as the option to setup disappearing messages. It can also be set to block screen shots of chats which is nice when you want to keep your conversation private.

However, it seems there is a group of Apps on Google Play that can get around some of the secure deletion options in WhatsApp simply by capturing the notification as it comes in. On most Android phones the notification may contain a small amount (or the whole) message depending on how you have the app and your phone set up. When installing these apps part of the configuration is to allow them access to the notifications setting for the app you want to monitor. In this case it is WhatsApp, but it is possible to manage other Apps as well.

Once the message is received and the original notification is posted, the app grabs that and makes a backup of the message. If it is deleted, you can still go and view the message via the backup made by the app. Of course, there is also the possibility that apps like this can offload your messages and grab other information about you. One app, WAMR, could also be able to grab your internet search history and your contact list. Personally, an app like this is not really something that I would be interested in. If I, or someone I am talking to, deletes a message there is a good reason. However, it appears that I might be in the minority here as WAMR has already been downloaded 10 million times. Either there are some people that are deleting things before they read them, or there might be a lot of people trying to make copies of sensitive messages.
Vulnerabilities like this in mobile devices are nothing new. The Android operating system a bit too open on many devices. Some phone makers and carriers do add in some additional security that could prevent this type of pivot, but for the most part it is once again up to you to keep track of what you are doing and decide if you want to potentially risk your privacy or the privacy of those you communicate with. At 10 million downloads, I am guessing there are a lot of people willing to risk it which is not a good sign for the future of mobile security.

It will be interesting to see how quickly Google, Facebook, WhatsApp, and other respond to the simple exploitation of what is clearly a vulnerability in the OS notification system. We are also interested in seeing how quickly the antimalware industry is going to respond as the demand for better mobile security has been coming from just about every market and vertical.

Stay safe out there.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.