Encrypted Apps Can Protect Your Privacy — Unless You Use Them Like Eric Adams

2 months ago 33

Digital security appears to be a fixation of New York Mayor Eric Adams and his staff, at least according to his indictment on multiple charges, including soliciting and receiving campaign contributions from a foreign national, bribery, and wire fraud. 

But then why were they so bad at it?

Case in point: The indictment quotes a text message exchange between Adams and an unnamed staffer, in which the staffer allegedly tells Adams to “be o[n the] safe side Please Delete all messages you send me.” 

Adams, according to the indictment, texts back, “Always do.”

It goes without saying that this policy of deleting messages did not prevent investigators from discovering these communications.

Nor did an alleged attempt by the same staff member to delete encrypted messaging apps after asking for a bathroom break during a meeting with FBI agents. The staff member, according to the indictment, asked to excuse herself from the conversation, then removed from her phone the apps she had used to communicate with Adams, a Turkish official who coordinated various dealings with Adams, and others. 

This is not the first time the run-to-the-bathroom-to-flush-messages-down-the-toilet trick has been attempted. When Apple sued former iOS engineer Andrew Aude for allegedly leaking information on upcoming Apple products, the complaint noted that “Feigning the need to visit the bathroom mid-interview, Mr. Aude then extracted his iPhone from his pocket during the break and permanently deleted significant amounts of evidence from his device,” which included the popular encrypted messaging app Signal. 

Much like how attempts to flush drugs down the toilet don’t always destroy incriminating evidence, there are a plethora of forensic techniques to recover lingering trace evidence of applications which have been installed on a phone even after the app may have been deleted from the device. There are also a number of ways to recover trace remnants of communications, even if those communications are conducted via encrypted messaging apps. 

Deleting messages, or even an entire app, may nonetheless leave an array of bread crumbs for investigators that would betray the fact that interactions between certain parties may have transpired, even if the actual contents of the conversations may no longer be recoverable. 

Take Signal, for example. Signal offers a variety of options to delete messages, including the ability to delete a message that you sent to someone from the recipients’ devices, as well as the ability to set message duration lengths, after which they will disappear. However, these various deletion measures come with critical caveats that can nonetheless leave traces of the fact that communications between certain parties may have transpired — which in some cases may be sufficient to pose problems for the people implicated. 

There are a plethora of forensic techniques to recover lingering trace evidence of applications, even after the app may have been deleted from the device.

For example, although Signal offers the option for a sender to delete a message they sent to recipients, this feature comes with two notable asterisks. First, this “delete for everyone” feature can only be done within 24 hours of a message being sent, Second, the deleted messages are not deleted entirely, but are instead replaced with the boilerplate text that reads “This message was deleted” on recipients’ devices, or “You deleted this message” on the sender’s devices. Metadata about the original message, such as the time the original message was sent and received, is preserved as well. To effectively eliminate traces that a message had been sent and then deleted, both the sender and the recipients must individually tap on the deleted message placeholder and select “delete.”

When placing a Signal voice call on an iPhone, Signal integrates with the iPhone so that Signal calls show up in the “recents” list of calls in the iOS Phone app. This means that forensic investigators can simply check the Phone app to see who an individual called on Signal without having to utilize the Signal app at all. Though these instructions don’t appear to be documented on Signal’s official support portal, this feature can nonetheless be disabled by going to Settings, then Privacy, and making sure “Show Calls in Recents” is turned off on the Signal iOS app.

This is all to say, if you find yourself in a situation where you need an impromptu bathroom break in the middle of an interrogation to delete messages, you’re already in deep shit.

The post Encrypted Apps Can Protect Your Privacy — Unless You Use Them Like Eric Adams appeared first on The Intercept.

Read Entire Article