Security researchers from Mysk have raised concerns about how WhatsApp stores local chat data on Apple devices, claiming that chat databases on both iOS and macOS can be found unencrypted inside application group containers.

The claim was published on social media alongside screenshots showing WhatsApp-related SQLite databases stored within Apple's App Group storage system.

According to the researchers, the data may be accessible to applications that share the same developer group environment, potentially allowing other Meta-owned applications on the same device to access portions of WhatsApp's locally stored information.

Important: The allegations concern local data storage on user devices and do not demonstrate a failure of WhatsApp's end-to-end encryption system during message transmission.

What Researchers Claim

Mysk stated that WhatsApp stores chat databases inside an App Group container on iOS and macOS without encrypting the database itself.

The researchers argue that this storage design could allow applications within the same developer ecosystem to read portions of locally stored WhatsApp information if appropriate access permissions exist.

Screenshots shared publicly appear to show multiple WhatsApp database files including SQLite databases, WAL files, and metadata stored within Apple's shared application container framework.

"On iOS and macOS, WhatsApp stores chat databases unencrypted in an app group container."

The original post quickly gained attention among privacy researchers and security professionals due to WhatsApp's position as one of the world's largest encrypted messaging platforms.

Understanding The Difference Between Encryption In Transit And Local Storage

WhatsApp's security model primarily focuses on end-to-end encryption while messages travel between users.

End-to-end encryption prevents WhatsApp, Meta, internet providers, and third parties from reading message contents while communications are being transmitted through servers.

However, once messages arrive on a user's device they must typically be stored somewhere locally so users can view message history, media, contacts, and conversations.

That local storage layer is separate from the encryption protecting messages during transmission.

Key distinction: A locally stored database being accessible on a device does not automatically mean WhatsApp can read messages while they are traveling through its servers.

Matthew Green Pushes Back On Broader Claims

Cryptographer and security researcher Matthew Green responded to the discussion by pointing users toward an earlier analysis involving legal allegations against WhatsApp and Meta.

Green noted that many online discussions were conflating separate issues, including a class-action lawsuit that claimed Meta could secretly access supposedly encrypted WhatsApp communications.

According to Green's analysis, the lawsuit largely relied on allegations that lacked public technical evidence showing WhatsApp's end-to-end encryption had been compromised.

He argued that claims suggesting Meta could freely read all WhatsApp messages were not supported by currently available evidence.

"As best I can see, the allegations are pretty much the same."

His comments helped shift discussion toward the narrower question of how WhatsApp protects data stored locally on user devices rather than whether the Signal Protocol itself remains secure.

How Apple App Group Containers Work

Apple's App Group feature allows related applications from the same developer to share files and information through a common storage area.

The system is commonly used for widgets, companion applications, extensions, and synchronization features that need access to shared data.

Researchers argue that storing sensitive chat databases inside these containers may expand the potential attack surface compared to more isolated storage methods.

Whether this represents a practical privacy risk depends on numerous factors including operating system protections, application entitlements, sandboxing restrictions, and the exact implementation used by WhatsApp.
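
Whether a database in a container is stored without application-layer encryption can be checked from file headers alone. The following is an added example, not code from Mysk, WhatsApp or this article: it classifies files in a directory as plaintext SQLite, plaintext WAL, or opaque high-entropy data. The file names, the 7.5 bits-per-byte threshold and the sample directory are constructed for illustration.

```python
import math, os, sqlite3, tempfile
from collections import Counter

SQLITE_MAGIC = b"SQLite format 3\x00"                    # first 16 bytes of a plaintext database
WAL_MAGICS = (b"\x37\x7f\x06\x82", b"\x37\x7f\x06\x83")  # first 4 bytes of a WAL file

def entropy(data):  # Shannon entropy in bits per byte
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path, sample=4096):
    """Label a file by its leading bytes."""
    with open(path, "rb") as f:
        head = f.read(sample)
    if head.startswith(SQLITE_MAGIC):
        return "plaintext-sqlite"
    if head[:4] in WAL_MAGICS:
        return "plaintext-wal"
    # No known magic and near-random bytes: consistent with whole-file encryption.
    if len(head) >= 512 and entropy(head) > 7.5:
        return "opaque-high-entropy"
    return "other"

def audit(root):
    """Classify every file under root, keyed by relative path."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            findings[os.path.relpath(path, root)] = classify(path)
    return findings

def demo():
    """Build a constructed container in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        db = sqlite3.connect(os.path.join(root, "example.sqlite"))
        db.execute("CREATE TABLE msg(body TEXT)")
        db.commit()
        db.close()
        samples = {"example.sqlite-wal": WAL_MAGICS[0] + bytes(28),  # constructed WAL header
                   "sealed.db": os.urandom(4096),                    # stands in for ciphertext
                   "notes.txt": b"constructed sample"}
        for name, blob in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(blob)
        return audit(root)

if __name__ == "__main__":
    for name, kind in sorted(demo().items()):
        print(f"{kind:20} {name}")
```

A plaintext header shows only that the database has no application-layer encryption; operating system protections and sandboxing are separate layers that this check does not measure.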

No Evidence Of Remote Message Decryption

Despite social media claims circulating after the discovery, no evidence has been presented showing that WhatsApp's end-to-end encryption protocol has been broken.

The reported issue concerns data already present on a user's device after messages have been received and decrypted for viewing.

Security experts often distinguish between:

Each layer introduces different privacy and security considerations.

Why The Story Matters

The debate highlights a recurring challenge facing privacy-focused applications.

Even when communication channels are strongly encrypted, local device storage can become a separate security concern requiring additional protections.

Modern messaging applications must balance performance, search capabilities, backups, synchronization features, and user experience against increasingly strict privacy expectations.

As encrypted platforms continue growing in popularity, researchers are paying closer attention not only to encryption protocols themselves but also to how user data is stored after messages arrive on devices.

Current status: Neither Mysk's claims nor the public discussion surrounding them demonstrate that WhatsApp's end-to-end encryption has been broken. The controversy centers on local storage practices and potential access paths on Apple devices.

Sources

This article was written by DigitalEscapeTools based on publicly available statements, researcher discussions, and technical analysis available at the time of publication.