A new method has been found to bypass the View Once feature on WhatsApp. This is not the first time this has happened, but what makes this case different is Meta’s response. The company has decided not to fix it.
The issue was discovered by security researcher Tal Be’ery, who has previously reported similar problems with the same feature. Over the past few years, he has found multiple ways to access View Once media even after it is supposed to disappear. Some of those issues were fixed by WhatsApp and even rewarded under its bug bounty program.
This time, the method again allows access to View Once content before it vanishes. But it depends on using a modified version of the app. According to the researcher, such methods can also be extended using browser tools with WhatsApp Web, which raises the risk of wider misuse.
Meta has acknowledged the report but made it clear that it does not consider this a security issue that needs fixing. The company says the problem involves unofficial or modified clients, which fall outside its threat model. In simple terms, WhatsApp is only responsible for security within its official app, not for what happens when someone uses altered versions.
The company also points out a practical limitation. Even if it blocks screenshots or downloads inside the app, it cannot stop someone from using another phone or camera to capture the content. Because of this, Meta positions View Once as a basic privacy feature, not a fully secure way to share sensitive data.
Many users treat View Once as a secure way to send private photos or videos. In reality, it only reduces casual sharing. It does not guarantee that the content cannot be saved or copied.
From a technical point of view, the researcher’s finding is not surprising. Any system that depends on the client side can be bypassed if the client itself is modified. This is a known limitation in app security. The real question is how companies choose to respond.
The researcher has suggested adding stronger protection using DRM-like systems. But Meta does not agree with this approach either. The company says DRM is not suitable for a messaging app and can still be bypassed. It also adds more complexity and depends on external systems to manage access.
But this incident is a warning for users who think view once feature on WhatsApp protects their private photos. No matter how many restrictions are added, once content is displayed on a screen, it can be captured in some form. Software can reduce the risk, but it cannot eliminate it completely.
So users must understand that View Once is useful for reducing traces inside chats, but it should not be treated as a secure channel for highly sensitive content.
