WhatsApp Bug Exposes Privacy Risks: How the “View Once” Feature Can Be Exploited
WhatsApp, the widely used end-to-end encrypted messaging app with over two billion users, has recently been hit with a bug that compromises the privacy of its “View Once” feature. This feature is designed to allow users to exchange pictures and videos that disappear after being viewed. However, a flaw in WhatsApp’s implementation of this feature on its web app enables malicious recipients to display and save the media, despite its supposed vanishing nature.
The View Once feature was initially introduced by WhatsApp in 2021 and was intended to only work on the mobile apps for Android and iOS. In normal circumstances, when a user receives a View Once picture or video on the desktop or web app, a warning is displayed, stating that the media can only be opened using WhatsApp on their phone. Additionally, WhatsApp has implemented measures to prevent users from taking screenshots or screen recordings of View Once media on its mobile apps.
However, security researcher Tal Be’ery discovered a bug in WhatsApp’s browser-based web app that allows recipients to bypass these security measures and save a copy of the media. Be’ery demonstrated this bug by capturing and saving a View Once picture sent by TechCrunch while using WhatsApp on the web. In a blog post detailing his findings, Be’ery emphasizes the importance of true privacy and calls for WhatsApp to either thoroughly fix or abandon the View Once feature.
This bug raises concerns about users’ false sense of privacy when using WhatsApp’s View Once feature. It highlights the need for stronger security measures and more reliable privacy protections in messaging apps. Users should be cautious when sharing sensitive or confidential information through messaging platforms and consider alternative methods for secure communication.
WhatsApp’s parent company, Meta, was informed of the bug through its official bug bounty platform on August 26 by Be’ery. In response to the bug report, a WhatsApp spokesperson stated that they are already working on updates to address the issue on the web app. However, no specific timeline was provided for the completion of these updates.
It’s worth noting that Be’ery is not the only person to have discovered this bug. Several browser extensions have been promoted online, making it easy to bypass the View Once feature on WhatsApp’s web app. While TechCrunch refrains from sharing these posts to prevent aiding malicious actors, it is crucial for WhatsApp to address this vulnerability promptly to safeguard user privacy.
This incident serves as a reminder of the constant need for vigilance in the digital world. As technology advances, so do the risks associated with it. Users should stay informed about the latest security vulnerabilities and take necessary precautions to protect their privacy. Choosing messaging apps with robust security features and regularly updating software are essential steps in safeguarding personal information.
In conclusion, the WhatsApp bug affecting the View Once feature on its web app exposes the limitations of its privacy protection. Users must be aware of the potential risks and exercise caution when sharing sensitive content. WhatsApp’s prompt response and implementation of necessary updates are crucial for restoring user trust and ensuring the privacy of its billions of users.