
WhatsApp's privacy seemed bombproof. Until a state prosecutor tried to delete incriminating messages.
The State Attorney General, Álvaro García Ortiz, believed he had deleted messages that could help incriminate him in a crime of disclosure of secrets. In reality, this was not the case, because it doesn't matter if you delete your WhatsApp messages: Google saves them anyway. Now the Supreme Court has received documentation from Google/Meta that will assist in the case.
The ruling is currently secret, and we don't know exactly what information these companies have sent, but we can formulate several hypotheses to answer two questions. First, have the deleted messages been accessed? And second, how were they able to read these messages?
What happened? The Attorney General of the State, Álvaro García Ortiz, was charged in October with the crime of revealing secrets, as reported at the time in El Confidencial. The charge refers to the alleged leak to the press of the emails of Isabel Díaz Ayuso's partner, or to having ordered other prosecutors to leak them. The same newspaper reported in February that on the same day the case was opened, García Ortiz deleted the WhatsApp messages from his cell phone, restored it, and changed devices.
Request to Google and Meta. The Supreme Court, El País reported in January, has been trying to gather information on the case for some time. A request was made to the Irish offices of Google and WhatsApp (Meta) through Eurojust, an agency for judicial cooperation in criminal cases. The request sought to recover "information linked to instant messaging applications installed on two mobile devices belonging to Álvaro García Ortiz, as well as an email account." According to El Mundo, that request was eventually forwarded to the United States after Ireland advised that the information request should be made to that country.
A ZIP folder. According to El Confidencial, Supreme Court Justice Ángel Luis Hurtado has indicated that the data recovery appears to have been successful. Either Google or Meta (it is not specified which) submitted documentation in the form of a ZIP-compressed folder. This new data, the judge indicates in the ruling to which El Confidencial has had access, will be analyzed by experts, and the result of that investigation will confirm whether the data recovery was indeed "successful." The question is whether they were able to read those messages and how they managed to do so. There are several hypotheses.
Hypothesis 1: Metadata. During the investigation, the UCO also searched the electronic devices of the chief prosecutor of Madrid province, Pilar Rodríguez, according to 20Minutos. Rodríguez was the person with whom García Ortiz allegedly maintained contact in the indictment for the crime of revealing secrets. She did not delete her messages or restore her phone, so the UCO was able to access the conversations through her device, as reported by El Confidencial. The ZIP folder in the magistrate's possession could also have been sent by Meta/WhatsApp, which would not have sent the messages (it cannot; in theory it has no access to them) but rather the metadata of García Ortiz's conversations. This metadata could be compared and contrasted with Rodríguez's messages, thus providing evidence for the Attorney General's indictment.
Hypothesis 2: Unencrypted backups. On WhatsApp, users can back up their messages to cloud services like Google Drive or Apple iCloud, but beware: by default, these backups are not encrypted. Users have to proactively enable encryption for backups, and perhaps García Ortiz failed to do so. This would have allowed Google, which was asked to help, to access this data and forward it to the magistrate in charge of the case.
Hypothesis 3: Physical access to the device. The most obvious way to access a user's WhatsApp messages is to have physical access to their mobile device. In that case, forensic experts can, with the right tools, obtain the key to decrypt the messages from the WhatsApp database, even if they have been deleted. In this case, García Ortiz deleted the messages and restored the device to its factory state, which likely made it impossible to recover them from the device even with physical access.
End-to-end encryption is there. It's worth clarifying that WhatsApp has been using an end-to-end encryption protocol for all conversations for years. Only the sender and the recipient can read them; no other person or entity can decrypt those messages, not even Meta, through whose servers texts, images, videos, and any other type of content are sent and forwarded.
If you want to delete your messages, be careful with your backups. WhatsApp users can't do anything about the metadata, which Meta stores, but they can act on the messages themselves if they want to delete them effectively. As this case shows, simply deleting them from the phone isn't enough: if we make backups of our messages, it's important to enable encryption for those backups.
But a special warning about backups. Be especially careful with backup encryption, as it doesn't work like end-to-end encryption. Backups are encrypted with a key/password that only you know, so it's best to make it strong enough that it can't be broken with brute-force attacks, for example. WhatsApp actually gives you the option to create a 64-digit key, but... it is WhatsApp that creates it.
Suspicions. This is where the debate comes in about how Google/Apple/Meta manage that encryption password, and whether they can somehow decrypt it in response to potential court requests. Be that as it may, the other solution, of course, is not to back up messages unless you consider it absolutely essential. This whole process raises suspicions about whether the backup is actually vulnerable to Meta and Google/Apple themselves.