Information Security News

Alarm: WhatsApp Messages Secretly Contain Hidden Geolocation Data for Forensic Extraction

by ddos · December 1, 2025

Messages in the WhatsApp messenger may contain hidden geolocation data even when the user has deliberately chosen not to share their location. This was brought to light by digital forensics specialist Elom Daniel.

According to him, he received an ordinary WhatsApp message from an acquaintance on September 3 and later analyzed the smartphone during a technical examination. During this procedure, the device revealed the precise coordinates of the sender at the moment the message had been sent.

“Imagine receiving a perfectly ordinary WhatsApp message and then discovering that it secretly contains the sender’s exact location, even though they never shared it,” Daniel wrote on X (the American company formerly known as Twitter).

He claims that neither he nor the sender had enabled location sharing or transmitted coordinates manually. Nevertheless, the message metadata reportedly contained precise GPS information. “He did not share it intentionally. I never requested it. The device recorded it automatically,” the expert explained.

Daniel asserts that during a forensic analysis of a smartphone, third parties can extract the sender’s coordinates from the recipient’s device if location services were active during the exchange. In his wording, if a user has location access enabled, their exact coordinates may be recoverable from someone else’s phone should that device undergo forensic examination.

He adds that the same procedure allowed other sensitive information to be retrieved. Synchronized accounts and passwords, app usage history, and detailed internal system logs were extracted from the device. As he stresses, no jailbreak, root access, or modified software was involved.

He also noted that WhatsApp group data remained stored in the system long after he had left those chats. Dates of group creation, the identities of group creators, and records of membership changes were still visible.

Multimedia files on the device, he says, also contained extensive metadata. Photos, videos, screenshots, and voice messages included GPS coordinates identifying the time and place of their creation.

Journalists sought comment from WhatsApp following these claims, which surfaced against the backdrop of recent discussions about geolocation leaks involving users of the social network X. WhatsApp’s support team forwarded the inquiry to its AI-assisted help system.

In the response generated by that system, WhatsApp states that end-to-end encryption protects message content, including shared location data, making it accessible only to sender and recipient. However, in the context of forensic analysis, the support team notes that metadata stored on the device—such as location information—may be extracted when there is access to the smartphone itself or its backup.

The reply further emphasizes that the issue stems from the device and operating system, not from WhatsApp’s encryption protocol. Encryption does not prevent the extraction of system-level metadata from a phone, and such information is not protected the same way as message content. For users, this effectively means the following: while message contents remain inaccessible to outsiders, anything recorded by the smartphone itself may become subject to analysis when physical access to the device is obtained.


Tags: Digital Privacy, end-to-end encryption, Forensic Analysis, Geolocation Leak, metadata, security flaw, WhatsApp
