We also found that QQ messenger stores the encryption key for the database files into an external server. Moreover, in the cases of KakaoTalk and NateOn applications, we found that their encrypted database files can successfully be recovered without requiring user password.
Our analysis results demonstrate how the database files of those instant messaging applications are stored and encrypted. We particularly examined the encryption and decryption procedures for internal databases in those messaging applications through reverse-engineering. In this paper, we analyzed the locations and file formats of personal data files in three instant messaging applications (KakaoTalk, NateOn, and QQ) which are the most popularly used in China and South Korea. Because those data typically include privacy sensitive information, most instant messaging applications are trying to protect the stored data in an encrypted form so that the authorized messaging application itself can only access the data. Instant messaging applications store users' personal data (e.g., user profile, chat messages, photos and video clips).
