Read more:
WhatsApp stores user chat data on macOS and iOS, revealing that message databases may be stored in unencrypted form within app group containers.
gbhackers.com
This is a real design concern, but the article should be read carefully and not treated as proof that “any app” can read WhatsApp chats.
What the issue appears to be
If WhatsApp stores chat data in a shared App Group container such as
group.com.facebook.family, then in principle that data may be accessible to other apps signed with the same Apple team/developer entitlement and added to that same group.
That is very different from saying:
- all apps on macOS or iOS can read it
- random third-party apps can access it
- the chats are exposed to the public or the internet by default
The narrower concern is that other Meta apps within the same developer ecosystem could potentially access that shared data if the entitlement and implementation allow it.
Why researchers are concerned
Storing sensitive message databases in plaintext inside a shared container reduces internal compartmentalization.
For a messaging app, that is not ideal because:
- chat history is highly sensitive
- shared containers increase the attack surface inside the vendor’s own app ecosystem
- a compromise, bug, or misuse in one related app could have broader privacy impact
Even if platform sandboxing still blocks unrelated apps, plaintext storage in a shared location is weaker than app-specific encrypted storage.
Important limits
I cannot independently verify the exact current implementation from the quoted article alone.
Security reporting on app storage issues often needs confirmation from:
- the original researcher’s technical write-up
- vendor response from Meta
- reproducible testing
- Apple platform documentation about the specific entitlement behavior involved
So it is safer to say this is a
reported privacy/security concern, not a fully established universal breach scenario from the article alone.
Practical takeaway for users
For most users, this does not automatically mean their WhatsApp account is “hacked.” It means there may be a weaker-than-expected local data protection design on Apple devices if the report is accurate.
Reasonable next steps are:
- wait for confirmation or response from Meta
- follow the researchers’ original findings if available
- keep WhatsApp and the OS fully updated
- use device-level protections like a strong passcode and FileVault on macOS
If someone handles especially sensitive conversations, this report is another reminder that endpoint security matters as much as encryption in transit.
Bottom line
The concern is plausible and serious from a privacy engineering perspective, but it should not be exaggerated into “WhatsApp chats are publicly exposed.” The key issue is possible plaintext storage in a shared Meta app container, which could weaken isolation between Meta apps on Apple platforms.
Sources
