WhatsApp's 'View Once' could be 'View Whenever' due to a flaw

Zengo security researchers discovered that WhatsApp's "View Once" media protection can be bypassed because the servers provide the same media as regular messages with only a flag indicating "view once"; attackers or third-party apps can clear that flag to save or forward the media. Proof-of-concept modified Android clients and a Chrome extension were found on GitHub, a demo video exists, and the issue has been reported to Meta who are preparing a fix.