tech2 News StaffSep 20, 2019 10:46:56 IST
WhatsApp's 'Delete for everyone' feature was rolled out about two years ago. The feature allows users to delete a message they sent from their own and the recipient's chat, given that they do that within 7 minutes of sending the message. However, a flaw has been discovered in the feature, which is allowing some users to access pictures and videos event after they were deleted by the sender.
First reported by The Hacker News, cybersecurity consultant Shitesh Sachan found that, when you send a media file to an iPhone user from any device — iPhone or Android — and then use the 'Delete For All' feature to retract it, iPhone users are able to still see the file in their camera roll. The media file only gets removed from the chat window.
Essentially, what happens here is that when an iPhone user has their WhatsApp settings set on default, any media that is transferred to them automatically gets downloaded into their camera roll. In case of Android, when a media file is deleted by the sender, it also gets removed from the phone's gallery, however, because Apple does not allow WhatsApp access to the camera roll, despite deleting the file from the chat, it remains in the iPhone.
We also tested the feature and the issue seems to be there. We have reached out to WhatsApp to learn more about the problem.
Reportedly, when Sachan reported the issue to WhatsApp, the company said, "The functionality provided via "Delete for Everyone" is intended to delete the message and there is no guarantee that the media (or message) will be permanently deleted—the implementation focuses around the message's presence in WhatsApp."
WhatsApp's Security team told The Hacker News the same thing saying, "This feature is working properly, and using the 'delete for everyone' feature in time will result in media being removed from the WhatsApp chat thread. We provide simple options to help iPhone users manage the media they receive from friends and family, per the best practices established by operating systems. If a user chooses to save images to their camera roll they are stored out of reach of WhatsApp's 'delete for everyone feature."
Currently, the only way out of this issue for iPhone users is to change their media visibility in WhatsApp Settings. Head to WhatsApp Settings > Chats and then disable media download to camera roll.