WhatsApp fixed a critical flaw in the “View Once” feature, which was introduced in 2021 to enhance privacy by automatically deleting pictures and videos after they are viewed.
According to The Register, the issue, discovered by researchers at crypto wallet startup ‘Zengo’ in August, revealed that the privacy mechanism in View Once could be “trivially bypassed” when using WhatsApp’s web app and a rogue browser extension. This allowed users to retain disappearing media despite the feature’s intention to delete it after a single view.
Zengo researchers responsibly disclosed the flaw to WhatsApp, prompting an initial patch that was less than effective. The earlier fix still permitted some images to remain accessible after they were supposed to have disappeared. WhatsApp has now rolled out a software update that it claims resolves the problem.
“We’re constantly building in layers of privacy protection, and that includes rolling out key updates to View Once on web,” a WhatsApp spokesperson told The Register.
The original issue allowed web clients to access View Once messages without adhering to the disappearing protocol. Developers also created browser extensions that could bypass the View Once feature and save the media.
“It prevents browser extensions from getting media sent in vanishing messages,” he said.
The latest update now blocks such extensions from accessing the media, a change Zengo co-founder Tal Be’ery praised as a “great improvement.”
“We are happy that our discoveries and publications pushed WhatsApp into fixing View Once in a thorough manner to protect this feature’s users’ privacy,” Be’ery said.
This development comes as WhatsApp continues to address other privacy challenges, including features that ensure View Once chats truly disappear and that prevent operating system data exposure that could make users vulnerable to cyberattacks.
Users are advised to update to the latest version of WhatsApp and remain cautious when sharing sensitive content, even with privacy-focused features like View Once.
“As always, we continue to encourage users to only send View Once messages to people they know and trust and make sure they’re on the latest version of the app,” WhatsApp said.