We consider any data that exists beyond its useful life to be a risk. That’s why our messaging clients are ephemeral by default - to help ensure that as little data as possible is in your app if it is ever accessed without your authorization. There’s more to deleting data than just deleting it though, which is where forensic tools come in.
One of the most significant capabilities of forensic tools is their ability to recover “deleted” data. This is due to the way computer storage systems work, and the extent to which it can be done varies greatly depending on:
- the kind of device in use,
- the quality of the forensic tool,
- and the amount of time that passes between the deletion and the recovery.
In the hands of a worthy adversary, we consider this capability to be a risk to secure messaging, so to help mitigate it, our apps include functionality which works as best it can to minimize the likelihood that deleted data can be recovered with forensic tools.
Another feature of forensic tools is to recover and report on any application data found on a device. In this regard, these tools don’t necessarily do anything special beyond reading and displaying data in such a way that can be presented in a court of law, so Wickr apps don’t do anything to thwart them specifically. Rather, we rely on strong application security controls like encrypted app storage and authentication to protect against the generic threat of an attacker accessing your device and viewing your data - with or without a forensic tool.
What you should always remember is that with your password, or with access to your app which you’ve conveniently configured for autologin, forensic tools are just as capable as hackers or anyone else of accessing your app data. So, keep your password strong and use things like autologin wisely.