NEW YORK: A digital forensics investigator has claimed that WhatsApp messages may contain hidden GPS data even when users do not intentionally share their location, raising concerns about device-level privacy.
Elorm Daniel, a digital forensics investigator, said that he discovered the issue during an analysis of a routine WhatsApp message received on 3 September.
In a post on social media platform X, he said the message—sent without any location sharing—later revealed the sender’s exact GPS coordinates during a forensic review.
“Imagine receiving a normal WhatsApp message from someone… and later discovering that the message secretly contained their exact location, even though they never shared it,” he wrote.
Daniel said neither he nor the sender had shared any location information. However, he claimed the message’s metadata contained precise coordinates. “He didn’t share it intentionally. I didn’t request it. The device recorded it automatically,” he said.
He added that if a phone undergoes forensic imaging, a third party could retrieve the sender’s location from the recipient’s device, provided the sender’s location services were enabled at the time.
Imagine receiving a normal WhatsApp message from someone… and later discovering that the message secretly contained their exact location, even though they never shared it.
That’s exactly what happened during a recent forensic extraction I performed on my iPhone 12 Pro Max.… pic.twitter.com/SQu6sgOu0h
— Elorm Daniel (@elormkdaniel) November 25, 2025
Additional data extracted
Daniel said the same forensic process revealed further information stored on the device.
He said that synchronised accounts and passwords, app usage histories, and internal logs were recovered without any jailbreak or software manipulation.
He also claimed that WhatsApp group data, including creation dates, creator identities, and membership histories, remained visible long after he had left those groups.
Media files on the device also reportedly contained detailed metadata. Daniel said photos, videos, screenshots, and voice recordings included precise GPS coordinates showing when and where they were created.
WhatsApp responds
Asked for comment regarding the claim, which gains new relevance after location data for users of US media company X became available, making headlines worldwide, a WhatsApp Support Team directed the inquiry to its AI-powered support system.
In a response shared by Daniel, the AI-assisted service said WhatsApp messages are protected by end-to-end encryption, but noted that device-level metadata can still be extracted during forensic analysis.
“WhatsApp’s end-to-end encryption ensures that messages, including location data, are encrypted and can only be accessed by the sender and the intended recipient,” the response said.
It added that the issue relates to device behaviour rather than WhatsApp itself.
The service also said that encryption does not prevent the extraction of metadata and that such information is not safeguarded in the same way as message content.
