Privacy Concerns Over WhatsApp Local Storage on macOS and iOS Spark Apple Data Protection Debate
What Happened — Researchers claim that WhatsApp stores unencrypted message data locally on macOS and iOS devices, potentially exposing user communications. Security experts argue the risk is overstated, noting that WhatsApp encrypts messages at rest and that access to the local database is limited.
Why It Matters for TPRM —
- Unclear data residency may conflict with corporate privacy and data‑sovereignty policies.
- Potential for inadvertent data leakage if a device is compromised or lost.
- Highlights the need to verify vendor‑level encryption and storage practices for approved communication tools.
Who Is Affected — Enterprises that permit employee use of WhatsApp on corporate‑issued Apple devices; notably firms in the technology, financial services, and healthcare sectors.
Recommended Actions — Review internal messaging policies, enforce full‑disk encryption on Apple devices, validate WhatsApp’s encryption implementation, and consider approved, enterprise‑grade communication platforms where appropriate.
Technical Notes — Alleged storage of plaintext SQLite databases on the device; no known CVE associated with the claim. The risk hinges on local file‑system access and the possibility of device compromise. Source: TechRepublic