Meta controls three of the top four messaging apps in the United States. Facebook Messenger has approximately 139 million US monthly users, Instagram Direct has about 170 million and WhatsApp with about 75.1 million; The most popular non-Meta app is Snapchat who comes in third with about 115 Million. With WhatsApp popularity and promise of secure messaging, it is likely to come up in your investigation.
WhatsApp: A Brief Overview
The WhatsApp communication app offers end-to-end encrypted messaging, voice, and video calls. It allows users to send text messages, voice messages, share images and video, documents, user locations, and other media. Additionally, WhatsApp offers the ability to participate in topic-based groups called Communities and follow posts made in news feed style channels. WhatsApp is commonly used for its group chat functionality in business environments, student study groups and by friends.
From a criminal investigation perspective, WhatsApp groups are frequently created in to promote fraud and identity theft services. These groups often serve as an advertisement and a way to interact with criminals selling stolen identity documents and credit card information. A WhatsApp user must be invited to join the group; once accepted, they can purchase Personally Identifying Information (PII) from the group organizer or other group members.
WhatsApp promotes its commitment to user privacy and data protection using encrypted messaging as a selling point. Despite its stance on privacy, WhatsApp does require that users provide a real phone number when they sign up for an account. This links the WhatsApp account to the user’s phone through two-factor authentication and allows for calls and messages to be received by the phone. For most criminal investigations, the linked phone number is a valuable investigative tool in determining the identity of a WhatsApp user. While it is not common, there are virtual SMS activator services that allow users to complete the verification process without having to use your personal contact or purchase a new SIM card.
NOTE: Because WhatsApp messages are end-to-end encrypted, A search warrant to Meta will not produce any message content. Investigators can determine that two users communicated, but not what was said. Message content can only be retrieved through the forensic examination of the mobile phone where WhatsApp was used.
WhatsApp’s Key Features
1. End-to-End Encryption: Ensuring that only the communicating users can read the messages, not even WhatsApp itself.
2. Group Chats: Users can create groups with up to 256 members to share messages, photos, and videos.
3. WhatsApp Web and Desktop: WhatsApp offers the convenience of using WhatsApp on a computer’s web browser or desktop app. Just because WhatsApp is most popularly used on phones, Investigators should not overlook computers and laptops as possible sources of evidence.
4. Status Updates: Similar to Snapchat’s Stories, these are ephemeral updates that disappear after 24 hours.
5. Voice and Video Calls: Encrypted calls that are a cost-effective alternative to traditional calls, especially international ones.
Who Uses WhatsApp?
WhatsApp’s user base is incredibly diverse, spanning across age groups, professions, and geographical locations. It’s particularly popular in countries like India, Brazil, and large parts of Europe and is frequently used for international calls. The app’s simplicity, low data usage, and the absence of ads have contributed to its widespread adoption. Users between 26 to 35 years old make up the majority of the United States user base.
Writing Search Warrants for WhatsApp
It is important to remember that WhatsApp was acquired by Meta Platforms Inc. and is not a product directly developed by that. Despite being owned by Meta, search warrants should be addressed to:
WhatsApp LLC
Attn: Law Enforcement Response Team
1 Meta Way
Menlo Park, CA 94025
Requests that search warrants be served by digital upload to their law enforcement portal: www.whatsapp.com/records/
As Meta merges more and more of its products, we may see WhatsApp become fully integrated into Facebook or replace the Facebook Messenger application altogether. Until then, search warrants should be addressed to the WhatsApp team but delivered to Meta’s address.
Data Retention and Accessibility
Once a WhatsApp message is delivered, they are deleted from Meta’s servers. However, undelivered messages are stored in their encrypted state for 30 days before they are deleted. There does not appear to be a limit to delivered messages being retained by a user; as long as the user does not take an action to delete a message they can be stored within the app for years.
WhatsApp maintains basic subscriber information and limited metadata, such as the users’ registered phone number, contacts (as WhatsApp users only), profile photo, status messages, and the last seen date. There are no published data retentions for profile information.
What can be collected
Account Information: Basic subscriber details and device-specific information.
Location Sharing: If shared by the user in a chat, location data may be retrievable.
User Connections: Contact lists including group memberships and interaction frequencies.
Meta AI: Meta recently released the Meta AI artificial intelligence assistant into the WhatsApp application. Users can interact with Meta AI and perform queries either directly similar to communicating with a contact or Meta AI can be called into a conversation with another user. It utilizes the Llama 3 Large Language Model (LLM) and operates similarly to Chat GPT for text queries and Midjourney for image creation.
The Meta AI feature can be activated within a conversation by using the @ and selecting Meta AI and providing a prompt. For example, when friends are deciding where to meet for coffee in Las Vegas, they would ask Meta AI for coffee shop recommendations using a query like “@Meta AI find a quite coffee sport off the Las Vegas Strip that is near UNLV.” The Meta AI assistant would provide business recommendations that both users in the chat could see and interact with. As this is a new feature, it is unknown if Meta AI queries and results can be collected pursuant to a search warrant.
Just because WhatsApp messages are encrypted doesn’t mean your investigation stops there. Subscriber information alone provides valuable investigative leads to ultimately identify your suspect; it will just take a few search warrants to do it. Warrant Builder is the most efficient way to complete WhatsApp warrants and collect the evidence you need for a solid case. Sign Up for a free trial and experience what Warrant builder can do for your investigations.
