Tuesday, May 6, 2025
HomeCyber Security NewsWhatsApp’s “View Once” Feature Flaw Let Anyone View the Image Unlimitedly

WhatsApp’s “View Once” Feature Flaw Let Anyone View the Image Unlimitedly

Published on

SIEM as a Service

Follow Us on Google News

Privacy is the cornerstone of digital communication in today’s world, and platforms like WhatsApp consistently introduce features to enhance user security.

One such feature is WhatsApp’s “View Once” option, which ensures that sensitive photos and videos disappear after being viewed once.

However, recent findings suggest that this privacy guarantee might not be as foolproof as users believe.

- Advertisement - Google News

A security researcher has revealed a loophole in the “View Once” feature, exposing a flaw that allows media sent via this option to remain accessible even after it is supposed to vanish.

This discovery sheds light on the potential risks of relying on such features for private communication.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

The Loophole Explained

The researcher, during routine testing, discovered a surprising bypass of the “View Once” functionality. Typically, this feature allows users to send a photo or video that disappears immediately after being viewed.

However, the researcher found a way to access a “disappeared” image by navigating to WhatsApp’s “Manage Storage” settings. Here’s how the process unfolded:

  1. A friend sent a “View Once” image.
  2. After viewing the image, it was expected to delete itself automatically.
  3. However, by visiting Settings > Storage and Data > Manage Storage and sorting the sender’s chat by “Newest,” the image was still visible and could be accessed again.

This unexpected behavior directly violated the core promise of the “View Once” feature, raising questions about its reliability and security.

Meta’s Response

After discovering this issue, the researcher responsibly reported it to Meta, WhatsApp’s parent company, through their bug bounty program.

Meta acknowledged the report but stated that they were already aware of the issue and were actively working on a fix.

They declined to reward the researcher under their program, saying, “We have already been aware of this issue internally.”

While it was reassuring to know that Meta was addressing the flaw, the lack of acknowledgment in the form of a bounty left the researcher feeling underappreciated for their efforts.

This seemingly small bug carries significant consequences:

  • Erosion of Trust: Users depend on features like “View Once” for sharing sensitive content securely. A flaw of this nature undermines that confidence.
  • Potential Privacy Breach: Sensitive images meant for temporary viewing could be retained or misused, posing risks to user safety.

The discovery emphasizes the critical need for rigorous testing of privacy-centric features.

Digital privacy is not just a feature but a promise to users, and even minor flaws can have widespread implications.

While Meta works on a resolution, this serves as a reminder that users should exercise caution when sharing sensitive media, even with supposedly “secure” features.

Collect Threat Intelligence with TI Lookup to improve your company’s security - Get 50 Free Request

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

OpenAI Shifts For-Profit Branch to Public Benefit Corporation, Staying Under Nonprofit Oversight

Landmark organizational shift, OpenAI announced its transition from a capped-profit LLC to a Public...

Google’s NotebookLM Introduces Voice Summaries in Over 50 Languages

Google has significantly expanded the capabilities of NotebookLM, its AI-powered research tool, by introducing...

Android Security Update -A Critical RCE Vulnerability Actively Exploited in the Wild 

Google has released critical security patches for Android devices to address 57 vulnerabilities across...

Hackers Exploit Fake Chrome Error Pages to Deploy Malicious Scripts on Windows Users

Hackers are leveraging a sophisticated social engineering technique dubbed "ClickFix" to trick Windows users...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

OpenAI Shifts For-Profit Branch to Public Benefit Corporation, Staying Under Nonprofit Oversight

Landmark organizational shift, OpenAI announced its transition from a capped-profit LLC to a Public...

Google’s NotebookLM Introduces Voice Summaries in Over 50 Languages

Google has significantly expanded the capabilities of NotebookLM, its AI-powered research tool, by introducing...

Android Security Update -A Critical RCE Vulnerability Actively Exploited in the Wild 

Google has released critical security patches for Android devices to address 57 vulnerabilities across...