It is being reported that the biometric authentication implementation in the app has a bug that allows anyone to get access to WhatsApp without going through Touch ID or Face ID. We were able to spot the existence of the bug independently as well, and are awaiting comment from WhatsApp on a possible resolution.
As spotted by Reddit user de_X_ter, the WhatsApp bug only works when the user has set the biometric authentication kick-in time to anything except Immediately, with the other options being After 1 minute, After 15 minutes, and After 1 hour. According to the Redditor, the bug activates when anyone tries to use the WhatsApp Share Extension in any app. Ideally, even sharing anything to WhatsApp using the iOS Share Sheet should trigger the Touch ID or Face ID requirement, but it doesn't when the user has selected anything except Immediately in WhatsApp > Account > Privacy > Screen Lock.
Also, if one jumps to the home screen from the iOS Share screen, they can then open WhatsApp without any interference from Touch ID or Face ID. It doesn't matter if you are well past the 1-minute, 15-minute, or 1-hour mark set in WhatsApp Screen Lock. This is a weird bug, but it completely bypasses the screen lock in WhatsApp, rendering the whole biometric authentication useless. It is unclear if it is an issue with WhatsApp's implementation or an inherent bug in iOS.
If you like to use biometric authentication on WhatsApp on iPhone, it is ideal to set the screen lock kick-in time to Immediately. Any other option will leave your WhatsApp vulnerable to the bug. WhatsApp for Android doesn't include a similar feature right now.