Security glitch exposes WhatsApp’s disappearing photo feature—'trust issues' uncovered
- Replies 0
A recent discovery has sent shockwaves through instant messaging users, raising major concerns about privacy and security.
What many believed to be a reliable feature for sharing sensitive content has now come under scrutiny.
This revelation has sparked alarm, with experts warning about a potential breach of trust.
WhatsApp’s 'View Once' feature has been one of its most popular privacy tools since its launch in 2021.
The tool promised users that sensitive photos would disappear after being viewed.
It offered peace of mind for those sharing private images, whether it was a photo of their Wi-Fi password or something more personal.
However, a recent glitch has raised major security concerns.
A security researcher, Ramsath, discovered that images sent via 'View Once' could still be saved to the recipient's phone, even after being opened and meant to disappear.
According to Ramsath, this issue could lead to serious 'trust issues' among users.
In a blog post, he explained: 'During one of my security research sessions, I discovered a way to bypass the "View Once" feature.'
He added: 'This bypass allowed me to access the image even after it was meant to vanish into thin air.'
Despite this flaw, WhatsApp quickly addressed the issue.
It was revealed that the problem stemmed from how the app handled storage.
Even though 'View Once' images were deleted from chats after being viewed, they remained accessible via the app's 'Storage and Data' settings.
Ramsath noted that by navigating to ‘Storage and Data’ under the app's settings, and then selecting ‘Manage Storage,’ the ‘View Once’ images would still appear.
He wrote: 'I located the sender's chat, sorted the storage by "Newest," and there it was — the "View Once" image, still accessible.'
Interestingly, the flaw only affected iPhone users. Android devices seemed unaffected.
Ramsath alerted Meta, WhatsApp’s parent company, and received confirmation that they were aware of the issue. They also assured him that they were working on a fix.
Thankfully, WhatsApp pushed out an update on 29 January 2025, which addressed the problem.
Version 25.2.3 should ensure that images and videos sent with the 'View Once' feature are now fully deleted after being viewed.
Meta has yet to clarify whether images sent prior to this fix will still be visible.
For those concerned about the security of their personal images, it is crucial to update to the latest version as soon as possible.
Updating WhatsApp is simple. On iPhone, open the App Store and check if an update is available by visiting the WhatsApp page.
If there’s an update, tap the 'Update' button at the top of the screen. If the button says 'Open,' you’re all set with the latest version.
In addition to fixing the 'View Once' flaw, WhatsApp’s update introduced improvements to group calls.
Users can now select participants before starting a call, instead of adding them mid-call, and even add contacts to an ongoing conversation.
If you’re considering alternative apps due to this issue, there are several options.
Telegram, for example, offers self-destructing messages and end-to-end encryption. However, it doesn’t have encryption by default.
Signal, with its open-source nature, is another secure option.
For iPhone users, iMessage offers a native, feature-rich experience. However, it’s exclusive to Apple devices.
On Android, Google Messages integrates with Google’s services.
Meanwhile, Facebook Messenger provides a range of additional features, though it shares data with Facebook.
For anyone who’s been using 'View Once' for sensitive content, updating your app should be a priority to maintain privacy.
How do you think messaging apps should handle privacy moving forward? Share your thoughts in the comments!
What many believed to be a reliable feature for sharing sensitive content has now come under scrutiny.
This revelation has sparked alarm, with experts warning about a potential breach of trust.
WhatsApp’s 'View Once' feature has been one of its most popular privacy tools since its launch in 2021.
The tool promised users that sensitive photos would disappear after being viewed.
It offered peace of mind for those sharing private images, whether it was a photo of their Wi-Fi password or something more personal.
However, a recent glitch has raised major security concerns.
A security researcher, Ramsath, discovered that images sent via 'View Once' could still be saved to the recipient's phone, even after being opened and meant to disappear.
According to Ramsath, this issue could lead to serious 'trust issues' among users.
In a blog post, he explained: 'During one of my security research sessions, I discovered a way to bypass the "View Once" feature.'
He added: 'This bypass allowed me to access the image even after it was meant to vanish into thin air.'
Despite this flaw, WhatsApp quickly addressed the issue.
It was revealed that the problem stemmed from how the app handled storage.
Even though 'View Once' images were deleted from chats after being viewed, they remained accessible via the app's 'Storage and Data' settings.
Ramsath noted that by navigating to ‘Storage and Data’ under the app's settings, and then selecting ‘Manage Storage,’ the ‘View Once’ images would still appear.
He wrote: 'I located the sender's chat, sorted the storage by "Newest," and there it was — the "View Once" image, still accessible.'
Interestingly, the flaw only affected iPhone users. Android devices seemed unaffected.
Ramsath alerted Meta, WhatsApp’s parent company, and received confirmation that they were aware of the issue. They also assured him that they were working on a fix.
Thankfully, WhatsApp pushed out an update on 29 January 2025, which addressed the problem.
Version 25.2.3 should ensure that images and videos sent with the 'View Once' feature are now fully deleted after being viewed.
Meta has yet to clarify whether images sent prior to this fix will still be visible.
For those concerned about the security of their personal images, it is crucial to update to the latest version as soon as possible.
Updating WhatsApp is simple. On iPhone, open the App Store and check if an update is available by visiting the WhatsApp page.
If there’s an update, tap the 'Update' button at the top of the screen. If the button says 'Open,' you’re all set with the latest version.
In addition to fixing the 'View Once' flaw, WhatsApp’s update introduced improvements to group calls.
Users can now select participants before starting a call, instead of adding them mid-call, and even add contacts to an ongoing conversation.
If you’re considering alternative apps due to this issue, there are several options.
Telegram, for example, offers self-destructing messages and end-to-end encryption. However, it doesn’t have encryption by default.
Signal, with its open-source nature, is another secure option.
For iPhone users, iMessage offers a native, feature-rich experience. However, it’s exclusive to Apple devices.
On Android, Google Messages integrates with Google’s services.
Meanwhile, Facebook Messenger provides a range of additional features, though it shares data with Facebook.
For anyone who’s been using 'View Once' for sensitive content, updating your app should be a priority to maintain privacy.
How do you think messaging apps should handle privacy moving forward? Share your thoughts in the comments!
