Though I don't trust FB (and its entities) on privacy, I'll assume that WhatsApp security team was aware of this and was planning to get to it after the end-to-end encryption was completed (recently). It's possible they were (or are) working on this.<p>The original blog post by Jonathan Zdziarski [1] linked in this article is a lot more informative and provides some pointers to handle this better as a user, and should be read by anyone interested in this topic or thread. The main cause here seems to be a simple use of SQLite without considering how marking data as deleted isn't enough (of course, that's never enough on any storage system that doesn't use encryption).<p>Quote from the blog post [1]:<p>"Forensic trace is common among any application that uses SQLite, because SQLite by default does not vacuum databases on iOS (likely in an effort to prevent wear).
...
There is no guarantee the data will be overwritten by the next set of messages. In other apps, I’ve often seen artifacts remain in the database for months."<p>Quote from the article on The Verge:<p>'The majority of messaging apps leave similar traces, recoverable through iCloud backups, although a number of privacy-focused apps do not. "iMessage leaves a lot [of forensic traces]," Zdziarski said, reached by The Verge. "Signal leaves virtually none."'<p>It's good that Signal has handled this well, which would be expected considering the basic premise/foundation of Signal and the strong emphasis it places on encryption and security. The "virtually none" part seems to leave a gap for doubt to creep in. I'm not sure if that's something anyone should worry about (especially the people who depend on privacy to avoid danger everyday).<p>[1]: <a href="http://www.zdziarski.com/blog/?p=6143" rel="nofollow">http://www.zdziarski.com/blog/?p=6143</a>