WhatsApp’s “View Once” feature, much like Snapchat, has a big privacy flaw. The bug allows users to bypass the once-only viewing restriction of media and undermines the security claim of the feature. According to security researcher Tal Be’ery, an issue like this is rampant in the web version of WhatsApp, as highlighted by TechCrunch. This raises some concerns about just how private those messages are.
The media is usually sent on “View Once” so the recipient wouldn’t save, forward, or even screenshot the content. They would only be able to view it through the WhatsApp application on Android or iOS. However, when recipients try to open the message on either WhatsApp’s web or desktop versions, they show a prompt that reads, “You received a view once photo. It can only be opened on your phone.” But, that assurance of added privacy appears to not be entirely the case after all.
WhatsApp’s Privacy Claims Challenged
Be’ery demonstrated a security oversight in downloading media shared through the “View Once” feature on the web. He used OpenSSL to bypass the limitations imposed by WhatsApp. The researcher discovered an URL that pointed to the media and was accessible through the web browser. Having downloaded the media, Be’ery decrypted the image by changing its file name to expose the loophole in security. This makes it vulnerable to misuse.
User Awareness and Response by Meta
Following the discovered flaw in the feature, Be’ery sent the bug to Meta, the parent company of WhatsApp. Meta acknowledged the issue and is working on updates. However, a spokesman simply stated that Meta encourages users to send “View Once” media only to trusted people, which does little to ease concerns about the privacy risks surrounding the feature.
In the end, Be’ery concludes that this bug is a serious problem. If this “View Once” mode cannot provide real privacy, it should be either considerably fixed or taken down from the application.