Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Redazione RHC : 30 November 2025 09:06
According to computer forensics expert Elom Daniel, WhatsApp messages can contain hidden geolocation data even when the user hasn’t intentionally shared their location.
He claimed to have received a routine WhatsApp message from a friend on September 3rd and subsequently had his smartphone analyzed during a forensic analysis. During this process, the device revealed the sender’s exact coordinates at the time the message was sent.
“Imagine receiving a regular WhatsApp message and then discovering that it secretly contains a person’s exact location, even though they never sent it,” Daniel wrote on social media platform X.
He claims that neither he nor the person he was speaking to activated geolocation or manually shared their coordinates. However, he claims that the message’s metadata contained precise GPS data. “He didn’t share it intentionally. I didn’t ask him for it. The device recorded it automatically,” the expert explained.
Daniel claims that during a forensic analysis of a smartphone, third parties can extract the sender’s coordinates from the recipient’s phone if location services were enabled on the device during the conversation. According to his explanation, if a user has enabled location access, their exact coordinates can be retrieved from someone else’s phone if that phone is verified.
According to the expert, other data was also recovered during the same procedure. Synced accounts and passwords, app usage history, and detailed internal system logs were extracted from the device. He emphasizes that no jailbreak, root access, or cracked versions of the software were used.
He also noticed that WhatsApp group data remained in the system long after users left the chats. This included the group creation dates, their creators, and membership history.
The media files on the device, he said, also contained a rich set of metadata. Photos, videos, screenshots, and voice messages included the GPS coordinates of the location and time the file was created.
Journalists asked WhatsApp to comment on these statements, which emerged in the context of recent discussions about user location data leaks on the social network X. WhatsApp’s support team sent a request to its AI-based support system.
The service’s response states that WhatsApp’s end-to-end encryption protects message content, including location data, and makes it accessible only to the sender and recipient. However, in the context of forensic analysis, the support team emphasizes that device-level metadata, such as location information, can be extracted by accessing the smartphone itself or its backup.
The response also emphasizes that the issue specifically concerns the device and operating system, not WhatsApp’s encryption protocol. Encryption does not prevent service data from being extracted from the phone, and that information is protected differently than the content of conversations. For users, this means the following in practice: while Messenger messages remain private, everything recorded by the smartphone can be analyzed if someone physically accesses it.
Redazione