Go to listing page

WhatsApp’s ‘Delete for Everyone’ feature doesn't delete images or videos sent to iPhone users

WhatsApp’s ‘Delete for Everyone’ feature doesn't delete images or videos sent to iPhone users
  • WhatsApp ‘Delete for Everyone’ feature claims to ‘unsend’ media files such as photos and video mistakenly sent to recipients.
  • However, the feature for iOS has not been designed to delete the media files sent to iPhone users (with default settings).

An application security consultant named Shitesh Sachan uncovered a privacy bug in WhatsApp’s ‘Delete for Everyone’ feature that doesn’t delete media files mistakenly sent to iPhone users.

More details about the issue

WhatsApp ‘Delete for Everyone’ feature claims to unsend media files such as photos and video mistakenly sent to recipients. This feature deletes the mistakenly sent media files from the recipients’ phones only within 1 hour, 8 minutes, and 16 seconds of sending the message.

  • However, the feature for iOS has not been designed to delete the media files sent to iPhone users (with default settings).
  • The mistakenly sent images will be saved in the recipients’ Camera Roll even if the WhatsApp screen displays that “This message has been deleted.”

WhatsApp with default settings will automatically save all images/videos received on iPhone's Camera Roll or Android's Media Gallery. In such a case, even if the sender deletes the message using ‘Delete for Everyone’, the image file will be saved in iPhone users’ Camera Roll.

On the other hand, if you are an Android user, WhatsApp will delete the mistakenly sent media files from the recipient's gallery as well.

The response from the vendor

The security consultant who uncovered the privacy bug reported the issue to WhatsApp. However, the vendor refused to address the issue, saying “The functionality provided via ‘Delete for Everyone’ is intended to delete the message and there is no guarantee that the media (or message) will be permanently deleted—the implementation focuses around the message presence in WhatsApp,” The Hacker News reported.

Cyware Publisher

Publisher

Cyware