WhatsApp’s "View Once" feature is meant to offer a layer of privacy by ensuring that shared media disappears after being viewed.
However, a recently discovered bug made the feature unreliable, allowing iPhone users to access "View Once" photos and videos multiple times instead of just once.
First revealed by a cybersecurity researcher Ramshath in a blog post, the bug was shockingly easy to exploit. iPhone users could simply navigate to Settings > Storage and Data > Manage Storage, locate the sender’s chat, and sort the media by "Newest"—allowing them to reopen "View Once" content that should have vanished.
This privacy oversight only impacted iOS users but given the huge number of iPhone users worldwide, the issue was a major concern for WhatsApp and its parent company, Meta.
Meta’s response
Ramshath reported the bug to Meta’s bug bounty program, only to be told that the company was already aware of the issue and working on a fix. Fortunately, WhatsApp rolled out an update (version 25.2.3 on iOS) that patches the vulnerability. Users are strongly advised to update their app to ensure their "View Once" content behaves as intended.
This isn’t the first time WhatsApp’s "View Once" feature has had security loopholes. Back in September 2024, researchers discovered that self-destructing media could still be accessed if users knew the direct URL of the file stored on WhatsApp’s servers. That issue was later fixed, but the recurrence of such problems raises concerns about the feature’s reliability.
With Meta and WhatsApp positioning themselves as privacy-focused platforms, frequent security flaws in features designed for ephemeral messaging could make users think twice before sharing sensitive content.
