Tuesday, December 24, 2024
HomeInternetWhatsApp Privacy Flaw - Delete for Everyone Feature Fails to Delete Media...

WhatsApp Privacy Flaw – Delete for Everyone Feature Fails to Delete Media from iPhone

Published on

SIEM as a Service

WhatsApp introduced ‘delete for everyone’ feature last year. this is a quite life-saving feature which let you recall the message that you sent accidentally.

Security Consultant Shitesh Sachan, noted that the feature was not working an intended with media files if the recipient using an iPhone and having WhatsApp feature Save to Camera Roll enabled.

This feature is available only for iPhone users and it can be enabled or enabled WhatsApp > Settings > Chats > Save to Camera Roll.

- Advertisement - SIEM as a Service
WhatsApp Feature Save to Camera Roll

The problem is that if a user having this feature enabled then automatically images will get saved in the device’s Camera Roll and it cannot be deleted. Because of security restriction with iOS that denies third-party apps in accessing device gallery without permission.

According to Shitesh Sachan findings shared with GBHackers On Security, if the sender accidentally posted a photo and if he wants to delete the message using ‘delete for everyone’ feature the message will get delete only from the Whatsapp chat thread and not from Gallery if the recipient uses the iOS device.

With the android device the feature works as intended, Whatsapp can delete the photo’s saved in the Gallery, but not with iOS device’s,

“WhatsApp should accept and tell to everybody that images will not get removed from Iphone users if they have enabled this feature or they should remove the item once user requested for that despite having that feature enabled,” Shitesh Sachan added.

The issue is more sensitive in the case of Whatsapp group’s that contains both iOS and Android users. If user A shared a confidential photo in the group, later he deletes the message using ‘delete for everyone’ feature it works only for Android devices and not for iOS devices.

WhatsApp explained in a statement shared to The Hacker News, that using ‘delete for everyone’ feature removes the media from the chat thread, but if the user selected to save with Camera Roll, then it is out of WhatsApp control.

WhatsApp possibly make changes in the future release, it is always safe to double-check the messages before sending it.

Related Read:

WhatsApp Web – A Complete Guide To Use on Windows, Mac, Linux

Israel Firm Linked With WhatsApp Spyware Hack Faces Lawsuit

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Hackers Exploit iOS Settings to Trigger Fake iOS Updates on Hijacked Devices

A sophisticated mobile attack vector involves a deceptive iOS update that masquerades as the...

Beware Of Dating Apps Exposing Your Personal And Location Details To Cyber Criminals

Threat actors often attack dating apps to steal personal data, including sensitive data and...

Europol Concerns Over Privacy Enhancing Technologies Challenge Lawful Interception

A new position paper argues that Privacy Enhancing Technologies (PET) used in Home Routing...