WhatsApp’s ‘View Once’ feature, meant to ensure that photos and videos disappear after a single view, recently suffered a major privacy flaw. A bug in the iOS version of the app allowed users to bypass the restriction and repeatedly access content that was supposed to vanish. While Meta has now fixed the issue, the incident raises concerns about WhatsApp’s ability to maintain its privacy-focused features.
A Simple Exploit with Serious Consequences
Security researcher Ramshath first exposed the issue in a blog post, revealing how easily users could work around the disappearing media function. The exploit required no technical skills—any iPhone user could repeatedly view ‘View Once’ content simply by navigating to WhatsApp’s storage settings. By going to Settings, selecting Storage and Data, and then Manage Storage, users could find the sender’s chat, sort by Newest, and access the supposedly deleted media. This completely undermined the purpose of ‘View Once,’ allowing recipients to keep viewing content meant to be ephemeral.
Read More: WhatsApp adds double tap reactions for faster messaging
WhatsApp’s Response and the Fix
Ramshath reported the issue through Meta’s bug bounty program, but the company responded that it was already aware of the problem and working on a fix. The patch arrived quickly with WhatsApp version 25.2.3 for iOS, restoring the intended functionality of ‘View Once’ messages. Some reports suggest that Meta may have also implemented a server-side fix, which resolved the issue without requiring users to download an update. However, WhatsApp has not publicly addressed this aspect of the fix, leaving some uncertainty about when exactly the vulnerability was patched.
‘View Once’ Has Faced Privacy Issues Before
This is not the first time WhatsApp’s ‘View Once’ feature has failed to deliver on its promise of privacy. In September 2024, security researcher Tal Be’ery discovered that ‘View Once’ media was still accessible on WhatsApp Web by retrieving its direct URL from WhatsApp’s servers. That flaw was only patched months later, in December. Another vulnerability surfaced around the same time, allowing users to save disappearing media on WhatsApp Web. These repeated failures suggest that while WhatsApp promotes ‘View Once’ as a secure way to send sensitive content, the feature has struggled to maintain true privacy.
New Features in WhatsApp’s Latest Update
Alongside the fix for this privacy flaw, WhatsApp’s latest update for iOS introduces new features designed to improve user experience. One of the most notable changes is the ability to make calls without having to save phone numbers first, making the app more convenient for quick interactions. The update also enhances group calling capabilities, offering improved functionality for voice and video chats. While these additions are useful, the security lapse serves as a reminder that WhatsApp still faces challenges in protecting user privacy.
Read More: WhatsApp adds event creation to individual chats
Although Meta acted quickly to fix this particular bug, the repeated failures of ‘View Once’ raise serious concerns about its reliability. Users who rely on WhatsApp for secure communication should be cautious, as past incidents show that ‘disappearing’ media might not always vanish as promised. The best course of action for now is to update WhatsApp to the latest version to ensure that the issue is patched. However, users should remain mindful that no digital platform is entirely foolproof, and sharing sensitive content—even through privacy-focused features—always carries some risk.