WhatsApp, the world’s most popular end-to-end encrypted messaging app with over two billion users, allows users to exchange photos and videos that disappear after opening.
However, a bug in how WhatsApp’s web app implements the “View Once” feature allows recipients to view and save the media, contrary to its intended disappearing functionality.
The “View Once” feature was introduced by WhatsApp in 2021 for its mobile apps on Android and iOS, designed to give users a privacy control over the media they share.
When a user receives “View Once” media on WhatsApp’s desktop or web app, a notification is displayed instructing the user to open it on their mobile device for security reasons.
WhatsApp’s Android and iOS apps prevent users from taking screenshots or screen recordings of “View Once” media for added privacy protection.
Security researcher Tal Be’ery uncovered the bug in WhatsApp’s web app and used it to save “View Once” media that TechCrunch shared with him.
In his blog post, Be’ery emphasized the importance of true privacy in messaging apps, calling out WhatsApp’s “View Once” as misleading in terms of privacy protection.
Be’ery reported the bug to WhatsApp’s parent company Meta via their official bug bounty platform in late August.
In response to TechCrunch’s inquiry, WhatsApp spokesperson Zade Alsawah confirmed updates to fix the “View Once” feature on the web app and advised users to share such media with trusted contacts only.
Additional posts and discussions on bypassing the “View Once” feature on WhatsApp’s web app have been observed, indicating a broader awareness of the issue.
WhatsApp has not provided a specific timeline for when the updates to the “View Once” feature will be completed.