WhatsApp’s “View Once” Feature Flaw Let Anyone View the Image Unlimitedly

Privacy is the cornerstone of digital communication in today’s world, and platforms like WhatsApp consistently introduce features to enhance user security.

One such feature is WhatsApp’s “View Once” option, which ensures that sensitive photos and videos disappear after being viewed once.

However, recent findings suggest that this privacy guarantee might not be as foolproof as users believe.

A security researcher has revealed a loophole in the “View Once” feature, exposing a flaw that allows media sent via this option to remain accessible even after it is supposed to vanish.

This discovery sheds light on the potential risks of relying on such features for private communication.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

The Loophole Explained

The researcher, during routine testing, discovered a surprising bypass of the “View Once” functionality. Typically, this feature allows users to send a photo or video that disappears immediately after being viewed.

However, the researcher found a way to access a “disappeared” image by navigating to WhatsApp’s “Manage Storage” settings. Here’s how the process unfolded:

1. A friend sent a “View Once” image.
2. After viewing the image, it was expected to delete itself automatically.
3. However, by visiting Settings > Storage and Data > Manage Storage and sorting the sender’s chat by “Newest,” the image was still visible and could be accessed again.

This unexpected behavior directly violated the core promise of the “View Once” feature, raising questions about its reliability and security.

Meta’s Response

After discovering this issue, the researcher responsibly reported it to Meta, WhatsApp’s parent company, through their bug bounty program.

Meta acknowledged the report but stated that they were already aware of the issue and were actively working on a fix.

They declined to reward the researcher under their program, saying, “We have already been aware of this issue internally.”

While it was reassuring to know that Meta was addressing the flaw, the lack of acknowledgment in the form of a bounty left the researcher feeling underappreciated for their efforts.

This seemingly small bug carries significant consequences:

• Erosion of Trust: Users depend on features like “View Once” for sharing sensitive content securely. A flaw of this nature undermines that confidence.
• Potential Privacy Breach: Sensitive images meant for temporary viewing could be retained or misused, posing risks to user safety.

The discovery emphasizes the critical need for rigorous testing of privacy-centric features.

Digital privacy is not just a feature but a promise to users, and even minor flaws can have widespread implications.

While Meta works on a resolution, this serves as a reminder that users should exercise caution when sharing sensitive media, even with supposedly “secure” features.

Collect Threat Intelligence with TI Lookup to improve your company’s security - Get 50 Free Request