A vsecurity bug is allowing users to bypass new privacy controls introduced by Facebook-owned messaging service WhatsApp on iPhones this month, the service said Wednesday after users posted about the problem on social media.
The disclosure comes as messaging and other applications race to improve security and privacy and as Facebook Inc. is addressing criticism for not safeguarding privacy.
WhatsApp’s new privacy feature allows iPhone users to require Touch ID or Face ID — fingerprint or facial recognition — to open the app but users were able to bypass those log-in methods by using the iPhone’s “share” function to send files over WhatsApp.
Users can set verification to be required immediately upon log-in, meaning they would need to supply Touch ID or Face ID each time they open WhatsApp, or at intervals of up to an hour, allowing them to toggle between apps on the iPhone for that time period.
The security system fails when users select any interval option other than “immediately.”
A user named “u/de_X_ter” wrote a Reddit post detailing the problem on Tuesday. Reuters verified the bug.
