WhatsApp has resolved a bug that allowed malicious users to save images and videos sent using the platform’s “View Once” privacy feature, which is designed to ensure media disappears after being viewed.
In September, TechCrunch reported that a flaw in WhatsApp’s implementation of the feature enabled users of its browser-based web app to bypass these protections. Normally, “View Once” prevents recipients from saving, sharing, forwarding, copying, screenshotting, or screen recording media. However, the bug allowed users to display and retain the media instead of it vanishing as intended.
On Friday, WhatsApp spokesperson Zade Alsawah confirmed to TechCrunch that the company has rolled out a long-term fix addressing the issue.
“We’re constantly building in layers of privacy protection, and that includes rolling out key updates to View Once on web,” Alsawah said in an email. “As always, we continue to encourage users to only send View Once messages to people they know and trust, and make sure they’re on the latest version of the app.”
The bug was flagged by security researcher Tal Be’ery, who has been investigating WhatsApp’s privacy issues this year. Be’ery alerted both WhatsApp and TechCrunch about the vulnerability. However, he wasn’t the only one to discover it. At the time, several browser extensions and social media posts promoted tools to bypass the feature, enabling users to install an extension and automatically save “View Once” media.
Following WhatsApp’s recent fix, users of those browser extensions, some of which required paid subscriptions, have complained that the tools no longer work. “Does not work AT ALL. Don’t waste your time,” wrote one disgruntled user.
TechCrunch conducted a test on Friday and confirmed that when receiving a “View Once” message on WhatsApp’s web app, the platform now displays a warning message similar to the one shown on its desktop app.
