The “Single View” feature, introduced by WhatsApp in 2021, adds a layer of confidentiality by allowing users to send media (photos and videos) that can be viewed only once before disappearing. This protection is reserved for mobile app users on Android and iOS. When a user tries to open “Single View” media on the web version of the messaging service or in the desktop application, a warning says that this type of content can only be opened on a phone.
A false sense of security
Tal Be’ery, a security researcher and co-founder of the company Zengo, discovered a bug in this feature on the web version of WhatsApp. According to him, a malicious user can bypass the automatic deletion of files, view them and then save them, even though these media should have disappeared after opening. In a demonstration performed for TechCrunch, the researcher managed to save a “Single View” photo using WhatsApp on the web.
Alerted via its official bug bounty program on August 26, Meta, the parent company of WhatsApp, responded quickly. A spokesperson for the company told TechCrunch that updates are being deployed to fix the bug in the web application. “We always encourage users to only send ‘Single View’ messages to people they trust,” he added.
However, Meta did not provide a specific date for the full resolution of this issue. The bug was already being exploited by browser extensions long before Tal Be’ery discovered it. Discussions on social networks show that many users have already shared methods to bypass “Single View” protection with these known extensions or third-party software. This raises many disturbing questions about the robustness of this feature and the commitment of WhatsApp and Meta to the protection of private data.
Tal Be’ery does not hold back in his criticism of WhatsApp: he describes the “Single View” feature as a “false promise of confidentiality.” In a blog post published on the Zengo website, he explains: “The only thing worse than no privacy is the illusion of having it. WhatsApp misleads its users into believing that certain types of communications are private when they are not.” He recommends either significantly strengthening this feature or abandoning it altogether.
The researcher proposes a series of solutions. For example, he suggests implementing a digital rights management (DRM) system or restricting the use of “Single View” media to mobile devices only. These solutions will help limit abuse on less secure platforms, such as web and desktop applications.