WhatsApp's AI tools will use a new “Private Processing” system designed to allow cloud access without letting Meta or anyone else see end-to-end encrypted chats. But experts still see risks.

The end-to-end encrypted communication app WhatsApp, used by roughly 3 billion people around the world, will roll out cloud-based AI capabilities in the coming weeks that are designed to preserve WhatsApp’s defining security and privacy guarantees while offering users access to message summarization and composition tools.

Meta has been incorporating generative AI features across its services that are built on its open source large language model, Llama. And WhatsApp already incorporates a light blue circle that gives users access to the Meta AI assistant. But many users have balked at this addition, given that interactions with the AI assistant aren’t shielded from Meta the way end-to-end encrypted WhatsApp chats are. The new feature, dubbed Private Processing, is meant to address these concerns with what the company says is a carefully architected and purpose-built platform devoted to processing data for AI tasks without the information being accessible to Meta, WhatsApp, or any other party. While initial reviews by researchers of the scheme’s integrity have been positive, some note that the move toward AI features could ultimately put WhatsApp on a slippery slope.

“WhatsApp is targeted and looked at by lots of different researchers and threat actors. That means internally it has a well understood threat model,” says Meta security engineering director Chris Rohlf. “There's also an existing set of privacy expectations from users, so this wasn’t just about managing the expansion of that threat model and making sure the expectations for privacy and security were met—it was about careful consideration of the user experience and making this opt-in.”

End-to-end encrypted communications are only accessible to the sender and receiver, or the people in a group chat. The service provider, in this case WhatsApp and its parent company Meta, is boxed out by design and can’t access users’ messages or calls. This setup is incompatible with typical generative AI platforms that run large language models on cloud servers and need access to users’ requests and data for processing. The goal of Private Processing is to create an alternate framework through which the privacy and security guarantees of end-to-end encrypted communication can be upheld while incorporating AI.

Users opt into using WhatsApp’s AI features, and they can also prevent people they’re chatting with from using the AI features in shared communications by turning on a new WhatsApp control known as “Advanced Chat Privacy.”

“When the setting is on, you can block others from exporting chats, auto-downloading media to their phone, and using messages for AI features,” WhatsApp wrote in a blog post last week. Like disappearing messages, anyone in a chat can turn Advanced Chat Privacy on and off—which is recorded for all to see—so participants just need to be mindful of any adjustments.

Private Processing is built with special hardware that isolates sensitive data in a “Trusted Execution Environment,” a siloed, locked-down region of a processor. The system is built to process and retain data for the minimum amount of time possible and is designed grind to a halt and send alerts if it detects any tampering or adjustments. WhatsApp is already inviting third-party audits of different components of the system and will make it part of the Meta bug bounty program to encourage the security community to submit information about flaws and potential vulnerabilities. Meta also says that, ultimately, it plans to make the components of Private Processing open source, both for expanded verification of its security and privacy guarantees and to make it easier for others to build similar services.

Last year, Apple debuted a similar scheme, known as Private Cloud Compute, for its Apple Intelligence AI platform. And users can turn the service on in Apple’s end-to-end encrypted communication app, Messages, to generate message summaries and compose “Smart Reply” messages on both iPhones and Macs.

Looking at Private Cloud Compute and Private Processing side by side is like comparing, well, Apple(s) and oranges, though. Apple’s Private Cloud Compute underpins all of Apple Intelligence everywhere it can be applied. Private Processing, on the other hand, was purpose-built for WhatsApp and doesn’t underpin Meta’s AI features more broadly. Apple Intelligence is also designed to do as much AI processing as possible on-device and only send requests to the Private Cloud Compute infrastructure when necessary. Since such “on device” or “local” processing requires powerful hardware, Apple only designed Apple Intelligence to run at all on its recent generations of mobile hardware. Old iPhones and iPads will never support Apple Intelligence.

Apple is a manufacturer of high-end smartphones and other hardware, while Meta is a software company, and has about 3 billion users who have all types of smartphones, including old and low-end devices. Rohlf and Colin Clemmons, one of the Private Processing lead engineers, say that it wasn’t feasible to design AI features for WhatsApp that could run locally on the spectrum of devices WhatsApp serves. Instead, WhatsApp focused on designing Private Processing to be as unhelpful as possible to attackers if it were to be breached.

“The design is one of risk minimization,” Clemmons says. “We want to minimize the value of compromising the system.”

The whole effort raises a more basic question, though, about why a secure communication platform like WhatsApp needs to offer AI features at all. Meta is adamant, though, that users expect the features at this point and will go wherever they have to to get them.

“Many people want to use AI tools to help them when they are messaging,” WhatsApp head Will Cathcart told WIRED in an email. “We think building a private way to do that is important, because people shouldn’t have to switch to a less-private platform to have the functionality they need.”

“Any end-to-end encrypted system that uses off-device AI inference is going to be riskier than a pure end to end system. You’re sending data to a computer in a data center, and that machine sees your private texts,” says Matt Green, a Johns Hopkins cryptographer who previewed some of the privacy guarantees of Private Processing, but hasn’t audited the complete system. “I believe WhatsApp when they say that they’ve designed this to be as secure as possible, and I believe them when they say that they can’t read your texts. But I also think there are risks here. More private data will go off device, and the machines that process this data will be a target for hackers and nation state adversaries.”

WhatsApp says, too, that beyond basic AI features like text summarization and writing suggestions, Private Processing will hopefully create a foundation for expanding into more complicated and involved AI features in the future that involve processing, and potentially storing, more data.

As Green puts it, “Given all the crazy things people use secure messengers for, any and all of this will make the Private Processing computers into a very big target.”

WhatsApp Is Walking a Tightrope Between AI Features and Privacy

BreachForums posts a PGP-signed message explaining the sudden April 2025 shutdown. Admins cite MyBB 0day vulnerability impacting the…

BreachForums posts a PGP-signed message explaining the sudden April 2025 shutdown. Admins cite MyBB 0day vulnerability impacting the site, plan return, deny seizure, and warn of clones.

In early April 2025, the well-known cybercrime and data breach forum BreachForums disappeared from the internet without explanation. The forum, administered and **owned by the hacker group ShinyHunters**, went offline without any farewell note or clarification, triggering widespread speculation about a possible law enforcement seizure.

Despite these concerns, DNS records for BreachForums remained unchanged, showing the original nameservers at **DDoS-Guard**, not the typical Cloudflare nameservers seen when the FBI seizes criminal infrastructure. This consistency hinted that the site had not fallen into the hands of authorities but left many questions unanswered.

    BreachForums.st DNS Records:
    
    185.129.101.200
    
    185.129.103.200
    
    ns1.ddos-guard.net
    
    ns2.ddos-guard.net
    
    Typical FBI Seizure DNS Records:
    
    plato.ns.cloudflare.com
    
    jocelyn.ns.cloudflare.com

****BreachForums Plans to Return****

Earlier today (April 28, 2025), visitors to Breachforums.st have been met with a new development: a detailed message posted on the homepage, allegedly from the forum’s administration, signed with a PGP key.

According to the statement, the administrators shut down operations after confirming the existence of a MyBB 0day vulnerability that left the forum exposed to infiltration attempts by law enforcement agencies.

It is worth noting that in June 2023, when BreachForums was revived under ShinyHunters’ control, it **suffered a data breach**. The forum administrator attributed the incident to a MyBB 0day vulnerability, which led to the leak of personal details belonging to over 4,000 members.

However, in the latest update, the administrators claimed they acted quickly once they received credible information about the security risk through trusted contacts. They initiated an incident response protocol, shut down infrastructure, and conducted an audit of their systems.

Their findings suggested that although the forum software was vulnerable, the infrastructure had not been compromised and no data had been stolen. The statement also apologized to staff and users for the extended silence, citing operational security as the top priority during the crisis. BreachForums announced that work is underway on a complete rewrite of the forum backend to prevent future vulnerabilities.

Additionally, the message warned users against engaging with various BreachForums clones that have surfaced online, suggesting that these are likely law enforcement honeypots designed to lure and identify cyber criminals. The administrators emphasized that no arrests had taken place and that the original team remained intact.

Screenshot from the BreachForums’ homepage (Image credit: Hackread.com)

****But Some Questions Remain Unanswered****

What the message does not explain is why ShinyHunters deleted their Telegram account. BreachForums had a large and active community on Telegram. What happened to that account, and why were no updates provided on Telegram before taking down the forum?

The sudden disappearance and equally sudden reappearance of BreachForums have raised further concerns within cybercrime circles. While the operators insist the platform remained secure, the revelation of a zero-day vulnerability in the forum software raises new questions about the operational risks associated with underground forums.

**ShinyHunters**, the hacker group tied to the forum’s ownership, has been linked to several high-profile data breaches over the past few years, which places BreachForums under constant scrutiny by law enforcement agencies worldwide.

The situation is likely to develop as cybersecurity researchers, law enforcement, and threat actors react to the forum’s unexpected return. Until then, BreachForums’ future remains uncertain.

BreachForums Displays Message About Shutdown, Cites MyBB 0day Flaw

What happens when cybercriminals no longer need deep skills to breach your defenses? Today’s attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they’re not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider tricks are used to slip past security

⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More

A critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how…

A critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how to check if your SAP Java systems are affected and the immediate steps to take.

A serious security vulnerability, identified as CVE-2025-31324, was discovered in SAP NetWeaver’s Visual Composer development server. This critical issue, scoring a perfect 10.0 in severity, stems from a missing check that should verify if a user has the correct permissions and is being actively exploited, reveals a report from Onapsis Threat Intelligence. 

Research reveals that the flaw is active on between 50% and 70% of existing SAP NetWeaver Application Server Java systems, even though it’s not automatically installed.

Reportedly, the vulnerability, first documented by ReliaQuest, exists in the “developmentserver” part of the SAP Visual Composer, a component of SAP NetWeaver 7.xx, designed to create business tools without writing code.

The problem occurs because the system doesn’t properly check if someone accessing the Metadata Uploader feature is actually allowed to do so. This lack of proper authentication and authorization allows unlogged users to access powerful functions.

On April 22nd, ReliaQuest observed suspicious activity on patched SAP NetWeaver servers, suggesting attackers might have been using a different, unknown vulnerability. On the same day, SAP acknowledged unusual files being found on SAP NetWeaver Java systems, as described in their knowledge base article SAP KBA 3593336. On April 24th, SAP released a FAQ document (SAP Note 3596125) confirming that files with extensions like ‘.jsp’, ‘.java’, or ‘.class’ found in specific folders like …\\irj\\root, …\\irj\\work, and …\\irj\\work\\sync are likely malicious. 

Finally, on April 24th, SAP officially announced CVE-2025-31324, clearly stating it was due to a “Missing Authorization check in SAP NetWeaver (Visual Composer development server)”. They confirmed that the root cause is a lack of proper permission checks, allowing unauthorized individuals to upload dangerous executable files and an out-of-band emergency NetWeaver update has been released.

This flaw, classified as a Missing Authorization issue (CWE-862) or Missing Authentication for Critical Function (CWE-306), poses a significant risk of system takeover if exploited, which is why it has earned the highest severity score.

It can be remotely exploited using standard web communication methods (HTTP/HTTPS). Security experts have observed that attackers are targeting a specific web address: /developmentserver/metadatauploader, by sending specially crafted requests and since no login or authentication is needed to carry out an attack, anyone, even without an account, could interact with the system’s vulnerable part and upload any file.

According to Onapsis’s blog post, malicious code files called webshells titled “helper.jsp” or “cache.jsp” are already being uploaded, allowing attackers to execute commands with high-level permissions as software administrators (<sid>adm) and obtaining full control over SAP resources.

> _“Threat actors have been observed uploading web shells to vulnerable systems. These webshells allow the threat actor to execute arbitrary commands in the system context, with the privileges of the adm Operating System user, giving them full access to all SAP Resources.”_
> 
> Juan Perez-Etchegoyen – CTO at Onapsis

SAP urges customers to promptly assess their risk by checking for Java systems, the presence and version of the VCFRAMEWORK component (especially if older than 7.5 or specifically 7.0 with a support package below 16), as the vulnerable component might not be present in basic Java stack or default Solution Manager installations. Implementing the official fix is the only solution to mitigate this risk.

Benjamin Harris, CEO of Attack Surface Management firm watchTowr, warned that unauthenticated attackers are actively exploiting a vulnerability in SAP NetWeaver to upload arbitrary files, leading to full system compromise.

“This isn’t theoretical, it’s happening now,” Harris said, noting that attackers are planting web shell backdoors to deepen their access. He urged immediate patching via SAP Security Note 3594142, emphasizing, “If you thought you had time, you don’t.” Harris added that watchTowr clients were alerted to exposures within 12 hours, thanks to the platform’s rapid detection capabilities.

SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells

Interlock ransomware group claims it stole 20TB of sensitive patient data from DaVita Healthcare. While the group has…

Interlock ransomware group claims it stole 20TB of sensitive patient data from DaVita Healthcare. While the group has leaked 1.5TB; it is offering the rest of the data for a price which includes the personal details of millions of patients.

Patients receiving critical kidney dialysis treatment from DaVita, a major healthcare provider, are now facing the possible exposure of their sensitive information. A group of cyber criminals from the Interlock ransomware has claimed responsibility for the cyberattack on the company and has begun posting what they say is stolen patient data on their dark web leak site.

This development comes just two weeks after DaVita, which operates a vast network of over 2,500 dialysis centres across the United States and hundreds more in 13 other countries, informed the US Securities and Exchange Commission about the ransomware attack, after which the company’s share fell by 3%, as reported by Investopedia.

As Hackread.com previously reported, the attack, which occurred around April 12th, involved the encryption of parts of DaVita’s computer systems, causing disruptions to their internal operations. At the time of their initial disclosure, DaVita stated they were implementing contingency plans to ensure uninterrupted patient care, a crucial service for individuals with end-stage renal disease who require dialysis multiple times a week to survive.

Now, Interlock, a relatively new ransomware group that began listing victims on its leak site in October 2024, is claiming to have stolen a massive 1.51 terabytes of data from DaVita. They have already posted samples of this alleged stolen information, raising serious concerns about the privacy of DaVita’s patients.

Screenshot from the Interlock Ransomware’s dark web leak site (Image credit: Hackread.com)

DaVita has acknowledged the dark web posting and stated they are in the process of thoroughly reviewing the data involved. “We are disappointed in these actions against the healthcare community and will continue to share helpful information with our vendors and partners to raise awareness on how to defend against these attacks in the future,” their spokesperson stated.

The potential scale of the breach is significant considering that DaVita served approximately 281,100 patients worldwide through its extensive network of over 3,000 outpatient dialysis centres in 2024.

Cybersecurity experts, including Paul Bischoff from Comparitech, note that Interlock has been linked to a growing number of confirmed attacks since its emergence. It is worth noting that this group has previously claimed responsibility for a cyberattack on Texas Tech University Health Sciences Centre, an incident that reportedly compromised the medical information of over 530,000 individuals.

This track record emphasises the potential severity of the current situation for DaVita and its patients. The full scope of the compromised data and the potential consequences for affected individuals are yet to be determined as DaVita continues its investigation.

Paul Bischoff, Consumer Privacy Advocate at Comparitech, commented on the latest development, stating, “Interlock began listing victims in October 2024, demanding ransom for decrypting systems and deleting stolen data. We’ve tracked 13 confirmed and 13 unconfirmed attacks by the group and in 2025 alone, there have been 17 confirmed ransomware attacks on US healthcare companies, with 80 more unconfirmed.”

“As seen with DaVita, these attacks can severely disrupt patient care and lead to long-term data privacy issues. In 2024, nearly 25.7 million records were breached across 160 healthcare ransomware incidents,” Paul revealed.

Interlock Ransomware Say It Stole 20TB of DaVita Healthcare Data

Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. 
"The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue," ReliaQuest said in a report published this week.
The cybersecurity

SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers

In this episode of Uncanny Valley, our hosts explain how to prepare for travel to and from the United States—and how to stay safe.

Protecting Your Phone—and Your Privacy—at the US Border

A newly discovered malicious program effectively turns Android phones into malicious tap machines that vacuum up payment card data.

Got an Android phone? Got a tap-to-pay card? Then you’re like millions of other users now at risk from a new form of cybercrime – malware that can read your credit or debit card and hand its data over to an attacker. A newly discovered malicious program effectively turns Android phones into malicious tap machines that vacuum up payment card data and send it to cybercriminals half a world away. All you have to do is install the software and tap your card to your phone – and criminals excel at persuading you to do just that.

The malware, which cybersecurity company Cleafy calls SuperCard X, uses a feature now found in most Android phones: near-field communication (NFC). This enables your phone to read the data on a supporting payment card when it comes close enough. It’s how tap-to-pay machines found in retailers and ATMs work their magic.

Attackers get the malicious software via a malware-as-a-service model. This enables them to become affiliates for the developers of the software, who typically offer it for a percentage of the attackers’ takings. They can then focus on finding and targeting victims with social engineering attacks, which Cleafy says they’ve been doing in Italy.

**How the attack works**

First the attackers have to get the malware onto someone’s Android phone. That starts with a fraudulent ‘smishing’ message sent via SMS or WhatsApp, often impersonating a bank and asking the user to call.

The telephone number connects the victim to the attacker, who then persuades them to give up their PIN and log into their bank account. From there, they persuade the victim to remove the spending limits on their card, and then to install what they claim is a security application, sent to their phone as a link. This contains the SuperCard X malware.

Finally comes the payoff. The attacker, who by now will likely have built up a rapport with the victim, will ask them to tap their card to their phone. The malware then captures the card details, which it then sends to the attacker’s own Android phone. They can then use the phone as a cloned card for contactless payments. If you’ve ever tapped your phone instead of your card to pay for something, you’ll know how easy that is to do.

**Where did SuperCard X come from?**

Like much malware, SuperCard X didn’t come out of nowhere. Cleafy says that it shares code with another piece of malware called NGate, discovered last year. Both of these are likely built on concepts first outlined in NFCGate, a freely available open-source NFC software tool developed by German’s Technical University of Darmstadt.

SuperCard X’s developers have focused on making this software as stealthy as possible. Most antivirus programs for Android fail to spot it, says Cleafy. That’s because it asks for as few privileges as possible on the phone, and it doesn’t include many of the features that other malware has. In short, the less that a malicious program does on a phone, the smaller its footprint is and the more silent it can be.

This malware is a cybercriminal’s favorite for several reasons. Rather than attacking people with accounts at a particular bank, it works against anyone with a payment card, increasing the attacker’s scope. It’s also instant, compared to thefts by wire transfer, which can take days to complete.

It is important to note that payment framework**s** like Google Pay, Apple Pay, Samsung Pay, and som b**a**nk-specific wallet apps  use dynamic cryptographic tokens — which are similar in concept to the “rolling codes” often used in car keyless entry systems — to prevent signal replay attacks.

**How to protect yourself**

But, as with many things, the best defense is you. In this case, protection is simple. The cybercriminals behind this attack can’t do anything unless you install the software on your phone, and so they go through several steps to convince you to do so.

Be skeptical of text messages from people you don’t know, especially those claiming to be urgent. Scammers typically try and panic you into a fast response. When they get you on the phone, they can befriend you, further impeding your ability to think critically and say “no”.

If you can’t help yourself and feel compelled to take action, check in with a trusted family member if available to get their perspective. If you’re still convinced, then at least verify the message first. Call your financial institution through an official number – not through the one in the text message. We’ll bet a steak dinner that they won’t know what you’re talking about.

Never give personal details to anyone you don’t know who contacts you via text message, and never change your banking details at their request. And if anyone asks you to install software sent via text message, refuse and end the communication.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Android malware turns phones into malicious tap-to-pay machines 

WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation in traditional chats and groups.
"This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp said in a statement.
The optional feature

WhatsApp Adds Advanced Chat Privacy to Blocks Chat Exports and Auto-Downloads

Free up space on your iPhone fast. Learn 5 proven ways to clear storage, remove clutter, and manage photos, apps, and files with no gimmicks, just results.

If your iPhone feels cramped and storage alerts show up like it’s on a schedule, it’s probably time for a cleanup. Below, we’ll go over easy ways to quickly free up space on iPhone – and talk a bit about storage management in general. These aren’t gimmicks; they’re time-tested methods and tricks that work for anyone, whether you’re rocking an older iPhone or the latest model.

****How to Check What’s Eating Up Space****

The first thing on the checklist is to figure out what’s taking up all that space. Before you start deleting stuff blindly, open up Settings on your iPhone, tap General, and then hit iPhone Storage.

Give it a second to load – once it does, you’ll see a full breakdown: apps, photos, media, messages, system files, and that “Other” section that never quite explains itself. You can read what all those mean in the official iPhone guide – we won’t stop on this too long.

What matters right now is _where_ your space is going. If Photos is at the top? You’ll want to start there. If it’s giant apps like TikTok, Instagram, or games you haven’t touched in months – yep, those might be the real problem. You might even get some auto-suggestions right there in the menu, like “Offload Unused Apps” or “Review Large Attachments.” Take those seriously – they’re built into the system for a reason.

****How to Free Up Storage on iPhone****

Now, we’ll go through the most popular methods from the overall list of methods to free up space on an iPhone, step by step. We’ll start with Photos first, since for most people (and maybe for you), this is where storage goes to die.

****1\. Clean Up Your Photos****

You probably already know how to manually delete photos or videos from the Photos app. You just tap **_Select_**, choose what you don’t need, and hit the **trash icon**. Simple. But also… kinda miserable. That’s hours of scrolling and second-guessing.

So let’s skip the obvious and talk about faster ways to handle photo cleanup.

First, your iPhone actually has a Duplicates album baked into the Photos app. It can help you spot and merge exact photocopies – like when you AirDropped yourself the same shot twice or saved it from Messages. That can be useful… but there are a couple of catches.

1.  It only works with **exact** duplicates – so if the two photos look nearly identical but aren’t pixel-for-pixel twins, they won’t show up.
2.  It takes time. As a lot of folks pointed out on Reddit, your iPhone doesn’t flag duplicates instantly. You might have to wait a few hours (or days) for the indexing to finish before anything appears in that folder.
3.  Even when it _does_ work, it doesn’t always make a huge dent. A few exact copies here and there usually won’t free up gigabytes.

That’s why a lot of us end up turning to third-party tools that offer broader and faster ways to clean up photos. Special attention should go to AI-powered cleaners – these apps use actual machine learning to spot stuff your iPhone can’t. Not just copies, but _similar_ photos. Like ten shots of the same person blinking… and only one where their eyes are open.

One of the best apps we’ve used for this is Clever Cleaner: AI CleanUp App. It’s 100% free, smart, clean, and surprisingly good at figuring out what’s worth keeping.

**Here’s how to use it:**

1.  Download Clever Cleaner from the App Store.
2.  Open the app, go to Similars, and let it group your lookalike photos.
3.  Tap Smart Cleanup.
4.  The AI picks the best shots to keep. Like the selection? Slide to delete. Want to tweak it? Tap a group, pick a different best shot, or skip it.
5.  When you’re done, Hit Move to Trash, then Empty Trash to clear it all out.

It also flags Heavies (your largest files, sorted big to small – something the Photos app _can’t_ do), Screenshots (easy bulk delete), and Lives (lets you convert Live Photos to stills to save space).

After each cleanup, it shows how much space you saved – and reminds you to empty the Recently Deleted album to actually free up space on your iPhone.

****2\. Offload or Delete Unused Apps****

The next way to potentially clear _a lot_ of space on an iPhone is Apps. Especially the ones you haven’t opened in six months but somehow still take up 1.2 GB.

To find and quickly delete the biggest unused apps, do this:

1.  Open Settings.
2.  Tap General.
3.  Go to iPhone Storage.
4.  Wait for the list to load (apps are sorted by size, largest at the top).
5.  Tap any app you don’t use.

Next, you’ve got two options:

*   **Offload**. This deletes the app itself but keeps all your data. If you reinstall later, everything’s still there. Best for apps you _might_ use again.
*   **Delete**. This wipes the app and its data. Good for things you know you’re done with.

Pro tip: if you’re cool with iOS doing this automatically, turn on Offload Unused Apps in iPhone Storage. It silently trims unused apps when space runs low – and puts a little download icon on them so you can grab them back anytime.

****3\. Clear Safari Cache****

If you’ve been using Safari for a while – browsing, shopping, reading articles at 2 a.m. – there’s a good chance it’s been quietly stockpiling data in the background. Website history, cookies, cached images… it all adds up. You won’t see it in the Photos app or under “Media,” but it’s there.

It’s easy to clear it, and no, it _won’t_ delete your saved passwords or bookmarks. It’ll just wipe the behind-the-scenes junk.

**To do it:**

1.  Open Settings.
2.  Scroll down and tap Safari.
3.  Scroll again and tap Clear History and Website Data.
4.  Confirm when it asks.

That’s it. Safari gets a clean slate, and you get a bit more breathing room.

It’s also a good idea to clear the cache in other apps you use often. Safari isn’t the only one. Apps like Chrome, Firefox, Snapchat, WhatsApp, and most social media or browser apps all store cached data too. But, you won’t find those cache-clearing options in iPhone’s main Settings menu.

Each app handles it differently, usually tucked away in the app’s own settings. Some call it “Clear Cache,” others go with “Storage Management” or “Data Usage.” If you’re not sure where to look, check the app’s help guide or support page – there’s usually a quick step-by-step there.

And if you can’t find a clear option at all? Easy fix: delete and reinstall the app. It’s the fastest way to wipe the cache and start fresh. You’ll need to log back in, but you’d be surprised how much space that one move can save.

****4\. Delete Large Message Attachments****

Yes, all those photos, videos, voice notes, and memes you’ve sent and received over the years stay on your iPhone’s local storage. Every single one. Doesn’t matter if it’s from last week or three months ago – they’re still there.

Luckily, there’s a built-in way to review and clear this stuff (at least the biggest offenders) quickly. Here’s how to do it:

1.  Open Settings.
2.  Go to General > iPhone Storage.
3.  Scroll down and tap Messages.
4.  Under _Documents_, tap Review Large Attachments.
5.  You’ll see a list of the bulkiest files buried in your message threads.
6.  Tap Edit, select the ones you don’t need, and hit Delete.

That’s it. Quick and painless (and your conversations stay intact).

If you want to go even further, head to _Settings > Messages > Keep Messages_ and switch it to 30 Days. iOS will automatically toss older messages and their attachments without you lifting a finger.

If you don’t see Review Large Attachments, it means iOS didn’t flag anything big enough in the Messages app to show there – _or_ you simply haven’t accumulated much yet (good for you).

But that doesn’t mean you’re out of options.

You can still clear attachments manually within most messaging apps. Just like with cache, many apps have their own settings to manage storage and remove media files without deleting your entire chat history. This works for the built-in Messages app, and also for third-party apps like WhatsApp, Telegram, and others.

****5\. Remove Downloaded Files****

This one flies under the radar for a lot of people. You download a file – maybe a PDF, a video, a ZIP, or a random invoice – and forget all about it. But your iPhone doesn’t. It quietly saves that file in the **Files** app, or tucked inside whatever app you used to open it.

**Start with the Files app:**

1.  Open Files.
2.  Tap Browse at the bottom.
3.  Go to On My iPhone.
4.  Check folders like _Downloads_, _Documents_, or anything app-specific (Chrome, Acrobat, etc.)
5.  Long-press to delete anything you don’t need.

Then think about apps that save content offline. Netflix, Spotify, YouTube Premium, and even Podcasts – they all store downloaded files locally. You won’t see this storage in the Files app, but you can manage it inside each app’s settings. Look for things like Downloads, Offline Media, or Storage Usage. Some let you clear everything in one tap.

****Final Words****

These 5 methods to clear space on the iPhone we covered above are the same ones we’ve used countless times – and the ones we regularly recommend to others. They’re reliable, and efficient, and cover the main sources of clutter on nearly every device.

Some additional methods/features can help in specific cases:

*   You can activate Optimize iPhone Storage if you use iCloud, this keeps smaller, device-friendly versions of your photos and shifts the full-resolution ones to the cloud. It’s a simple toggle that can save a lot of space without deleting anything.

*   Voice Memos is another one to check. If you use the app often, long or forgotten recordings can quietly take up storage in the background. Clearing them out occasionally can free up more room than you’d expect.

But those are more situational. The five methods in our guide cover the must-dos. They work across devices, they’re easy to repeat, and they don’t require any technical know-how. A simple cleanup with these steps will give any iPhone more breathing room.

If you found these methods helpful, use the buttons below to share on Facebook or tweet it on X – someone else is probably dealing with the same storage headache right now.

Tag

#sap