A debate has started over the way WhatsApp stores messages on iPhones. It comes at the same time as a new privacy lawsuit from the Texas Attorney General against Meta. The discussion focuses on a technical detail in how the app saves chat data locally on Apple devices.
Cryptographer Matthew Green at Johns Hopkins had previously looked into another class action lawsuit targeting Meta. He found the claims of an intentional backdoor did not hold up. Other researchers still raised a separate issue with local storage instead.
Mysk, known for iOS security work, examined the files WhatsApp leaves on the device. They discovered the chat database remains unencrypted when saved on iOS and macOS. The file uses an app group container, a shared space designed for apps from the same developer to exchange information. Developers set these up when they want their apps to share things like login states or cached content.
This arrangement could allow other Meta apps on the phone, such as Facebook or Instagram, to read the chats without encryption or user approval. The researchers pointed out that the data would appear in plain text. Many users keep multiple Meta apps installed, which makes the possibility worth noting.
WABetaInfo responded that the concern overlooks Apple’s sandboxing system. This built-in protection stops apps from accessing files outside their designated area. It acts like a strict boundary that the operating system enforces at a low level.
It means that attempts by Facebook or Instagram to reach the WhatsApp database folder produce no results under normal conditions.
Reaching the data would require a deep system-level exploit to bypass Apple’s security boundaries. Such attacks remain rare for average users and usually target specific high-value devices. The average person does not face this risk from other apps alone.
Mysk replied that the current protection rests on Meta’s development choices more than on hard technical limits. The apps share common structures and permissions frameworks already. Apple provides ways for developers to link apps more closely if they choose. Enabling cross-access would involve a minor setting change when building the app in Apple’s Xcode tools.
WABetaInfo noted that any move to change those permissions would not go unnoticed. Security researchers and update trackers monitor Meta apps for new entitlements or data sharing features. The community would likely spot and report it quickly.
Your WhatsApp chats on iPhone stay protected from other apps on the device for the time being. End-to-end encryption keeps messages secure during transfer between users. It does nothing once the messages sit stored on the phone itself.
So once the data reaches the phone, its safety depends on Apple’s sandbox rules and how Meta configures its apps.
Featured image generated with AI



