WhatsApp’s “View Once” feature, intended to allow users to share media that can only be viewed once, has a significant privacy flaw.
Security researcher Tal Be’ery discovered that the web version of WhatsApp allows recipients to bypass the restrictions and download media intended for one-time viewing. Through a security loophole, a URL linking to the media can be copied, decrypted, and accessed despite WhatsApp’s claims of added privacy.
WhatsApp’s web and desktop apps are supposed to block access to such media, showing a message stating, “You received a view once photo. For added privacy, you can only open it on your phone.” However, this can be easily circumvented using OpenSSL tools, compromising the security of shared media.
Meta, WhatsApp’s parent company, has acknowledged the flaw and is working on updates. They also encourage users to send sensitive media only to trusted contacts.
With over 2 billion users globally, the issue raises concerns about the platform’s security and reliability in protecting user privacy.