WhatsApp’s ‘View Once’ privacy feature could be easily bypassed due to this bug

WhatsApp logo shown on a smartphone
WhatsApp might expand from phones to tablets soon. (Image credit: Alex Ruhl / Shutterstock.com)

A privacy feature in WhatsApp was found to have a worrying security flaw, putting its two billion users at risk of sensitive data leaks.

Security researcher Tal Be’ery recently found the bug in WhatsApp's “View Once” feature, which allows disappearing messages. When a user sends a View Once message to someone, that message disappears seconds after being viewed by the recipient. Furthermore, the recipient is blocked from forwarding, or saving the message - and taking screenshots is also blocked.

The feature is supposed to only be available on mobile platforms. Users opening the desktop app, or opening WhatsApp through the browser, would usually see a message saying “You received a view once message. For added privacy, you can only open it on your phone.” However, Be’ery says that there is a way to bypass this protection and not only view the message on desktop/browser, but save it, as well.

False sense of privacy

“The only thing that is worse than no privacy, is a false sense of privacy in which users are led to believe some forms of communication are private when in fact they are not,” Be’ery said in his write-up. “Currently, WhatsApp’s ‘View Once’ is a blunt form of false privacy and should either be thoroughly fixed or abandoned.”

Be’ery reported the bug to Meta, WhatsApp’s parent company, in late August 2024. In a response to TechCrunch, the company said it is aware of the bug and is “already in the process of rolling out updates to view once on the web.”

We don’t know when the patch will arrive. Until that happens, send view once messages only to people you trust. WhatsApp is one of the most popular instant messaging platforms in the world, counting more than two billion users.

Via TechCrunch

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

TOPICS