Earlier this month, WhatsApp announced a new feature for iOS users that lets them protect the app with Face ID, meaning that users will need to scan their faces to open the app. This adds an additional layer of security and privacy to the app and prevents others from reading their messages even if their phone is unlocked.
Unfortunately, in a post on Reddit, u/de_X_ter seems to have discovered a vulnerability in the feature: despite enabling Face ID or Touch ID for WhatsApp, the app can still be opened via the iOS Share Sheet, bypassing the additional security measure.
However, we should note that this only seems to apply to users who have chosen an option other than “Immediately” in their WhatsApp settings. For those unfamiliar, when enabling Face ID or Touch ID, users can also choose when the additional security measure is required. For example, if you’d rather not have to use Face ID or Touch ID every time you open WhatsApp, you might have chosen the “After 1 minute” option.
If you have chosen that option, or any option other than “Immediately”, then this vulnerability will work against you. For now, the only way to prevent this vulnerability from being exploited is by setting it to “Immediately”. It is unclear if WhatsApp is aware of the issue, but hopefully we can expect a fix in the near future.