WhatsApp users have been advised to urgently update the app due to a glitch that allows their private photos to remain visible.
If you’ve been using WhatsApp’s ‘View Once’ feature to send private photos, you might be in for some bad news.
Since it launched back in 2021, WhatsApp's 'View Once' tool quickly became a popular way to send sensitive images (you can probably assume what kind) without leaving a trace.
Advert
The feature works similarly to Snapchat in that the photo is deleted automatically after the recipient has seen it, without the option to take a screenshot.
However, security researcher Ramshath discovered a 'bypass' that lets users access these photos in the app’s settings, which includes chat history.
The worrying part is he said it required no technical knowledge to do so but the impact would cause huge 'trust issues' for users.
Advert
"During one of my security research sessions, I discovered a way to bypass the "View Once" feature," Ramshath wrote in a blog post.
"This bypass allowed me to access the image even after it was meant to vanish into thin air."
According to parent company Meta, the problem only affected those on iPhones and not Android users. Nonetheless, the glitch has been fixed with the latest update: 25.2.3.
Still, it's a major flaw in a feature designed specifically for sending sensitive images privately.
Advert
After discovering the issue, Ramshath reported it to Meta’s bug bounty program, which rewards people for finding security flaws not yet identified.
But, instead, he got a delayed response saying Meta was already aware of the problem internally and working on a fix.
As per Ramshath, the reply from Meta read: "Since we are already in the process of mitigating this issue, we won’t be able to qualify this report for a reward under our bug bounty program."
Advert
"It was like finding out someone had already solved the puzzle you worked so hard on," he commented.
No matter how well-designed a feature seems, the security expert pointed out that there can always be flaws. As such, there must be collaboration to identify these kinds of errors, he explained.
"Features that promise privacy should deliver on their word," Ramshath said. "Anything less puts user confidence at risk."
If you haven’t already, here’s how to update WhatsApp:
Advert
Go to the app store and then tap on WhatsApp. Then, press ‘Update’ if you do not yet have the latest version installed.