An application security consultant named Shitesh Sachan uncovered a privacy bug in WhatsApp’s ‘Delete for Everyone’ feature that doesn’t delete media files mistakenly sent to iPhone users.
More details about the issue
WhatsApp ‘Delete for Everyone’ feature claims to unsend media files such as photos and video mistakenly sent to recipients. This feature deletes the mistakenly sent media files from the recipients’ phones only within 1 hour, 8 minutes, and 16 seconds of sending the message.
WhatsApp with default settings will automatically save all images/videos received on iPhone's Camera Roll or Android's Media Gallery. In such a case, even if the sender deletes the message using ‘Delete for Everyone’, the image file will be saved in iPhone users’ Camera Roll.
On the other hand, if you are an Android user, WhatsApp will delete the mistakenly sent media files from the recipient's gallery as well.
The response from the vendor
The security consultant who uncovered the privacy bug reported the issue to WhatsApp. However, the vendor refused to address the issue, saying “The functionality provided via ‘Delete for Everyone’ is intended to delete the message and there is no guarantee that the media (or message) will be permanently deleted—the implementation focuses around the message presence in WhatsApp,” The Hacker News reported.