A critical vulnerability was found in WhatsApp’s “View Once” feature. Accordingly, it was stated that the popular messaging application allows one-time photos to be saved.
Privacy vulnerability in WhatsApp’s “View Once” feature
The vulnerability, discovered by a security researcher, exists in WhatsApp’s web and desktop apps. The service allegedly fails to offer the same layers of privacy on the web and desktop version as it does on the mobile apps.
The researcher found that a one-time photo sent via the WhatsApp Web or desktop app can be saved as a screenshot or screen recording without any interference. This allows temporary photos shared to the other party to be stored permanently.
WhatsApp claims that the “View Once” feature provides users with an additional layer of privacy. Therefore, photos or videos sent one time are not allowed to be saved. The researcher stated that the lack of protection, especially on different platforms, creates a “false sense of privacy” in users.
It should be noted that this vulnerability has been known before. Some web browsers even had extensions that automatically saved “View Once” photos. However, these extensions were removed at Meta’s request.
The researcher stated that he informed WhatsApp about this vulnerability. However, the platform did not comment on the issue.
On the other hand, WhatsApp announced that it will soon end support for the older version of the macOS app. MacOS owners using the Electron-based WhatsApp will have to update the app.