Lanre O

Imagine receiving a normal WhatsApp message from someone… and later discovering that the message secretly contained their exact location, even though they never shared it. That’s exactly what happened during a recent forensic extraction I performed on my iPhone 12 Pro Max. During the analysis, I found a I decided to pick a message I received from @RedHatPentester, on 3rd September 2025 at 7:11 AM. Nothing unusual at first glance just a regular text. But deep inside the message metadata, the phone had silently logged: @RedHatPentester exact location at the moment he sent that message. He didn’t share it intentionally. I didn’t request it. Yet the device recorded it automatically. This was extracted directly from my own phone, meaning: If your location is turned ON while chatting on WhatsApp, your exact location can be extracted from someone else’s device if theirs undergoes forensic imaging. Most people have absolutely no idea this happens. But this was only the beginning. Also, every single file created on the device, ie: photos, videos, screenshots, recordings had the exact location of where I was when that file was created. The phone automatically logged precise GPS coordinates for each media file. This means investigators can determine where you were at the exact moment you took a picture, recorded a video, captured a screenshot, or created any media on the device. This level of metadata helps reconstruct movements, timelines, and behaviors with incredible accuracy. The extraction revealed far more than hidden location data and remember, this phone was NOT jailbroken. Here’s what else was recovered: 1. Full Synchronized Accounts & Passwords The extraction pulled: •URLs •Usernames •Passwords •Stored login metadata Basically, every synchronized password ever used on the device all recovered without jailbreak. 2. Complete Application Logs & Histories Every installed application had: ✔ Detailed logs ✔ Usage history ✔ Internal data ✔ Metadata Even apps considered “secure” or “encrypted” still left behind recoverable traces. 3. Full WhatsApp Data, Including Group Histories WhatsApp revealed more than most users realize: •Full history of every group ever joined •Date each group was created •Who created it •Date I was added •Group metadata even after you exit the group This is critical in investigations because a suspect cannot deny belonging to a group when the device itself retains: 📌 Creation date 📌 Creator identity 📌 Join date 📌 Participation timeline Even if they left the group years ago. 4. Message-Level Location Metadata The iPhone logged exact sender locations at the moment messages were typed and sent just like what happened with @RedHatPentester message. Most people never see this. Investigators do. Why This Matters Every phone tells a story. Every app keeps footprints. Every message carries more than text. This extraction proves that even without a jailbreak, investigators can discover: ✔ Locations ✔ Passwords ✔ Group associations ✔ Message histories ✔ Detailed app activity ✔ Metadata most users never realize exists Digital devices rarely forget even when the user does.