A recent privacy vulnerability has been identified in WhatsApp, the messaging app owned by Meta Platforms. The flaw targets the View Once feature introduced in 2021, which aims to prevent recipients from forwarding, copying, or screenshotting messages. According to a report from the information security firm Zengo, attackers may bypass this protection and capture private content after it has been viewed. The issue centers on how the View Once function behaves across different platforms, potentially exposing users to privacy risk across devices.
Zengo’s analysis shows that the View Once setting effectively blocks screenshots on mobile devices, but the same protection does not extend to the web version or the desktop app. In these environments, recipients might still record or copy the content using alternative methods, creating a loophole that could lead to unwanted sharing of sensitive messages. Zengo researchers note that Meta’s implementation appears to have overlooked cross-platform consistency, allowing potential abuse by malicious actors who can disseminate copies of private messages.
Experts explained they provided all necessary information to Meta and chose to disclose the vulnerability publicly after determining that it had already been exploited in real-world scenarios. The risk is not limited to a single country; with more than two billion users globally, the potential impact spans multiple regions, including North America. The issue underscores the importance of cross-platform security measures and ongoing auditing of privacy features across mobile, web, and desktop environments.
WhatsApp remains a free, widely used instant messaging service in the United States, Canada, and beyond. It supports text and voice messages, voice and video calls, and the exchange of images, documents, and various other files. The service serves a broad audience and is a key communication channel for individuals and organizations alike. As privacy debates intensify, users are urged to stay informed about feature updates and potential security considerations across all platforms.
This incident highlights the ongoing tension between feature convenience and privacy protection. Users should practice good security hygiene, including staying current with app updates, reviewing privacy settings, and being mindful of the platforms they use to access WhatsApp content. Privacy is a shared responsibility among developers, service providers, and users, and transparent reporting helps drive improvements across ecosystems.