WhatsApp Fixes Bug that Allowed Malicious Users to Save "View Once" Media
In a recent development, WhatsApp has fixed a bug that allowed malicious users to save pictures and videos sent as "View Once," despite the feature’s intention of preventing recipients from saving, sharing, forwarding, copying, or even screenshotting or screen recording media. The bug was discovered in September by TechCrunch and reported to have been present in the implementation of WhatsApp’s browser-based web app.
The Bug: A Threat to User Privacy
The "View Once" feature is designed to provide users with an added layer of privacy when sending sensitive media, such as pictures or videos. However, the bug allowed recipients using WhatsApp’s web app to display and then keep the picture or video, even though it was intended to vanish after being viewed. This raised concerns about user privacy and the potential for malicious use.
WhatsApp’s Response: A Fix Rolled Out
On Friday, WhatsApp spokesperson Zade Alsawah told TechCrunch that the company has rolled out a longer-term fix that resolves the issue. The fix is part of WhatsApp’s ongoing efforts to enhance its security features and protect user privacy. Alsawah emphasized that users should only send "View Once" messages to people they know and trust and ensure they are on the latest version of the app.
A Fix, but Not a Solution
While the bug has been fixed, it highlights the importance of continuous monitoring and updating of security features by messaging apps like WhatsApp. The fix may not be foolproof, as some users have reported that browser extensions previously used to circumvent the privacy feature no longer work after the update.
The Role of Researchers in Identifying Bugs
Security researcher Tal Be’ery, who has been looking into WhatsApp’s privacy issues this year, alerted WhatsApp and TechCrunch about the bug. Be’ery’s research and publication drove WhatsApp to fix the issue and protect its users’ privacy. Be’ery’s efforts demonstrate the importance of responsible disclosure in identifying bugs and ensuring that messaging apps prioritize user security.
Background on "View Once"
The "View Once" feature was launched in 2021 as part of WhatsApp’s efforts to enhance user privacy. However, the bug highlighted an important limitation: the feature only works on WhatsApp’s iOS and Android apps, not on the web or desktop app. This raises questions about the effectiveness of the feature and whether it is sufficient to protect users’ sensitive information.
Conclusion
WhatsApp’s fix of the "View Once" bug is a positive step towards enhancing user privacy. However, it also highlights the importance of ongoing monitoring and updating of security features by messaging apps. Researchers like Tal Be’ery play a crucial role in identifying bugs and driving change. As technology continues to evolve, users must remain vigilant about their online security and take steps to protect themselves from potential threats.
Recommendations for Users
To ensure your online safety:
- Only send "View Once" messages to people you trust.
- Ensure you are on the latest version of WhatsApp.
- Be cautious when sharing sensitive information online.
- Consider using end-to-end encryption and other security features to protect your communication.
Stay Informed: TechCrunch’s Coverage
For the latest news on technology, cybersecurity, and user privacy, follow TechCrunch. We provide in-depth coverage of the most important issues affecting users today.
