We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

WhatsApp Bug Lets Anyone Bypass “View Once” Feature

WhatsApp Bug Lets Anyone Bypass “View Once” Feature
Author Image Husain Parvez
Husain Parvez Published on 11th September 2024 Cybersecurity Researcher

A newly discovered flaw in WhatsApp’s "View Once" feature allows recipients to bypass privacy protections to save and share media intended to disappear after a single viewing. The issue was formally identified by the Zengo X Research Team.

WhatsApp launched the "View Once" feature in 2021 so that once a recipient views a piece of media, it is automatically deleted, preventing it from being saved or forwarded.

Tal Be’ery, CTO of crypto wallet company Zengo and the lead researcher behind this discovery, noted that the bug allows users to access "View Once" messages through WhatsApp Web by simply overriding a setting in the platform's code. Be’ery stated in the official report that “the only thing that is worse than no privacy, is a false sense of privacy in which users are led to believe some forms of communication are private when in fact they are not."

Further elaborating on the technical aspects, Zengo researchers found that "View Once" messages are essentially the same as normal media messages but with a flag that designates them as "View Once." This flag can be easily toggled off, allowing the media to be downloaded and saved.

The flaw was reported to Meta, WhatsApp’s parent company, in late August 2024. Meta responded by stating they are aware of the issue and are actively rolling out updates to address it. However, Meta's timeline for a complete fix remains unclear. In the meantime, Meta recommends users only send "View Once" messages to trusted contacts, cautioning that even the best-intended privacy features can fail under certain circumstances.

This bug has also been exploited in the wild, with browser extensions making it easy to bypass the "View Once" flag on WhatsApp Web, according to BleepingComputer. One of these extensions has existed for over a year, exposing users to privacy risks for an extended period.

Security experts suggest that WhatsApp must implement stronger measures, such as Digital Rights Management (DRM) solutions, to better control media access.

WhatsApp made headlines just a few months ago for allowing the execution of Python and PHP scripts on WhatsApp for Windows, further stressing the need for ongoing security improvements across the platform.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address