Earlier this month, Facebook-owned WhatsApp rolled out an update for its iPhone chat app, which included support for biometric authentication using Face ID or Touch ID. Now, it is being reported that the biometric authentication implementation in the app has a bug that allows anyone to get access to WhatsApp without going through Touch ID or Face ID. We were able to spot the existence of the bug independently as well, and are awaiting comment from WhatsApp on a possible resolution.
As spotted by Reddit user de_X_ter, the WhatsApp bug only works when the user has selected the biometric authentication kick-in time to anything except Immediately, with the other options being After 1 minute, After 15 minutes, and After 1 hour. According to the Redditor, the bug activates when anyone tries to use WhatsApp Share Extension in any app. Ideally even when sharing anything on WhatsApp using iOS Share Sheet should trigger Touch ID or Face ID requirement, but it doesn’t when the user has selected anything except Immediately in WhatsApp > Account > Privacy > Screen Lock.
Also, if one jumps to the home screen from the iOS Share screen, they can open WhatsApp without any interference from Touch ID or Face ID. It doesn’t matter if you are way past the 1-minute, 15-minute, or 1-hour mark, which is set in WhatsApp Screen Lock. This is a weird bug but it completely bypasses screen lock in WhatsApp, rendering the whole biometric authentication useless. It is unclear if it is an issue with WhatsApp’s implementation or an inherent bug in iOS.
As we mentioned, Gadgets 360 was able to confirm the existence of the bug on two iPhone units, one with Touch ID and the other with Face ID. There is no word on whether WhatsApp is aware of the issue or when we can expect a fix. We have reached out to the company for comment, and will update this space when we hear back.
If you like to use biometric authentication on WhatsApp on iPhone, it is ideal to set the screen lock kick-in time to Immediately. Any other option will leave your WhatsApp vulnerable to the bug. WhatsApp for Android doesn’t include a similar feature right now.
We discussed what WhatsApp absolutely needs to do in 2019, on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.