New research from iOS security firm Mysk reveals that WhatsApp stores chat histories in plaintext within shared app group containers on macOS and iOS, exposing decrypted message databases to other Meta-owned applications without requiring explicit user consent.
Shared Containers and Plaintext Storage
The vulnerability centers on WhatsApp’s local storage architecture. After messages are decrypted for user access, the platform writes chat data to a SQLite database file named “Axolotl.sqlite,” located in the shared app group container `group.net.whatsapp.WhatsApp.shared`.
This container adheres to Apple’s sandboxing model, which permits data exchange between applications from the same developer. Consequently, other Meta apps on the same device—such as Facebook and Instagram—can theoretically read the database in plaintext without triggering user notifications or permission prompts.
End-to-End Encryption Does Not Extend to Local Data
While WhatsApp’s end-to-end encryption (E2EE) secures messages during transmission between users, this protection ceases once data is decrypted on the device. Local storage security depends entirely on application implementation, not on the encryption protocol used for transit.
The Mysk demonstration highlights that attackers cannot intercept messages in transit, but any compromise of the device—or access by authorized apps within the shared container—could expose sensitive chat histories. On macOS, where file system access is more flexible, the risk is amplified if endpoint security controls are weak.
Enterprise and User Mitigations
Organizations concerned about data isolation should enforce strong device passcodes and biometric locks, and consider restricting installation of unnecessary apps from the same developer ecosystem. Mobile device management (MDM) solutions can limit app permissions in enterprise environments.
Regularly updating iOS, macOS, and WhatsApp is essential to benefit from security improvements. For high-security use cases, organizations may evaluate alternative messaging platforms that implement stricter local storage encryption models.
What This Means for the Industry
This disclosure underscores a broader challenge: securing data not only in transit but also at rest on endpoint devices. As messaging platforms emphasize encryption, attention is shifting toward endpoint security, where decrypted data inevitably resides. The findings are likely to accelerate scrutiny of how major applications handle local data storage and whether stronger encryption-at-rest mechanisms should become standard practice for privacy-focused services.
— Originally reported by Cyber Security News. Adapted and republished with editorial context for MacThreat.
