The Zengo encrypted wallet team discovered that the WhatsApp privacy vulnerability has not been fully fixed

On December 11, the issue with WhatsApp's "disappearing media" feature was finally resolved. The problem was first discovered months ago by the technical team of Zengo, a start-up cryptocurrency wallet company. WhatsApp had introduced a "View Once" feature that allowed users to send photos and videos which would automatically delete after being viewed, thereby protecting user privacy. However, in August, Zengo's team found that this feature could be easily bypassed when using the platform's web application. They reported the issue to WhatsApp but made their findings public when they realized it was being widely exploited "to protect the privacy of WhatsApp users". A patch was quickly released by WhatsApp but reportedly still allowed viewing of supposedly deleted images. The platform now says it has launched a more comprehensive software update. In another blog post on Monday, Zengo co-founder Tal Be’ery explained that although this fix is a significant improvement from its original state, it is not perfect. He added that "the fix still allows other sender devices (which should not display 'view once' messages) to receive this message", potentially posing unnecessary risks as it unreasonably increases attack surface.