WhatsApp’s “View Once” feature was designed to offer a layer of privacy by ensuring that shared media disappears after being viewed once.
However, a recently discovered bug made the feature unreliable, allowing iPhone users to access “View Once” photos and videos multiple times instead of just once.
First revealed by cybersecurity researcher Ramshath in a blog post, the bug was surprisingly easy to exploit. iPhone users could simply navigate to Settings > Storage and Data > Manage Storage, locate the sender’s chat, and sort the media by “Newest,” allowing them to reopen “View Once” content that should have disappeared.
This privacy flaw only impacted iOS users, but given the large number of iPhone users worldwide, the issue raised significant concerns for WhatsApp and its parent company, Meta.
Meta’s Response Ramshath reported the bug to Meta’s bug bounty program, only to be told that the company was already aware of the issue and working on a fix. Fortunately, WhatsApp rolled out an update (version 25.2.3 on iOS) that patched the vulnerability. Users are strongly advised to update their app to ensure their “View Once” content behaves as intended.
This is not the first time WhatsApp’s “View Once” feature has had security flaws. In September 2024, researchers discovered that self-destructing media could still be accessed if users knew the direct URL of the file stored on WhatsApp’s servers. That issue was later fixed, but the recurrence of such problems raises concerns about the feature’s reliability.
With Meta and WhatsApp positioning themselves as privacy-focused platforms, frequent security flaws in features designed for ephemeral messaging could make users think twice before sharing sensitive content.
