Once and Forever: WhatsApp’s View Once Functionality is Broken
ID: c26547b4-36bc-54cd-9e10-633a8250e894
STIX ID: report--c26547b4-36bc-54cd-9e10-633a8250e894
Feed Name: Tal Be'ery
This report demonstrates that WhatsApp’s “View once” ephemeral-media feature is implemented insecurely: media are uploaded as normal encrypted blobs and sent to all linked devices with a client-side flag that can be toggled or ignored, allowing attackers or modified clients to obtain exact digital copies of supposedly ephemeral content. The researchers built proofs-of-concept (an unofficial client and referenced browser extensions), found evidence of in-the-wild exploitation, responsibly disclosed to Meta, and recommend DRM or restricting delivery to primary devices as mitigations.
