A few weeks earlier, WhatsApp added a screen lock to the app, allowing authentication of the platform through Face ID or Touch ID. We’ve now come to find out that the latest security enhancement has a vulnerability that can let anyone access your chats even if they’re secured with Face ID or Touch ID.
According to a member on Reddit, WhatsApp’s new privacy lock screen can be bypassed within a few steps. The bug is associated with iOS’ sharing menu which allows users to share content via WhatsApp. In order to get through to the main chat screen without FaceID or TouchID verification, the user clicked on the WhatsApp icon inside the iOS Share Sheet.
If a user had previously not set “Immediately” for screen lock to be set within the closing of the app, you’ll witness that no FaceID or TouchID verification takes place when moving on to the next screen. After the next screen, if you get back to the home screen and then click on the WhatsApp icon, you’ll now be able to enter WhatsApp without FaceID or TouchID authentication.
From here, it’s clear that users setting a lock screen for WhatsApp have to choose the “Immediately” option instead of “After 1 minute”, “After 15 minutes” or “After 1 hour”, which will be the time after which your iPhone or iPad will ask for the Face ID or Touch ID verification again.
Luckily for users on Android, WhatsApp hasn’t yet rolled out a privacy screen lock of their own on the platform. This means the presence of such a vulnerability is less likely for WhatsApp on Android.