Recently Facebook-owned WhatsApp released a new update for its iOS app that brings support for biometric authentication. The new feature allowed all WhatsApp iOS users to add an extra security layer by activating Touch ID or Face ID lock.
To activate the feature: Go to WhatsApp’s Settings> Account > Privacy > Screen Lock. Enable the Touch ID or Face ID depending on your phone. Next you will need to choose if you want the biometric authentication to apply immediately or after an interval(1 minute,15 minutes or 1 hour).
However the new WhatsApp feature is now facing a critical bug barely few weeks after launch.
Reports indicate that the bug is allowing anyone to bypass the app lock screen to open WhatsApp without using Touch ID or Face ID.
According Redditor d_X_ter, the bug is associated with iOS’ sharing menu which allows users to share any content via WhatsApp.
The user explains that to bypass the WhatsApp’s biometric authentication, you first need to share anything via iOS Share Sheet on your iphone. The user also explains that another precondition is that the biometric authentication activation time should either be; After 1 minute, After 15 minutes, or After 1 hour.
“While transitioning to the next screen, you observe that no FaceID or TouchID verification takes place if an option other than “Immediately” was set previously. Now just exit out to the iOS Home Screen. (If in some cases, it asks for FaceID or TouchID verification, just cancel it and try clicking on WhatsApp icon in the iOS Share Sheet again),” d_X_ter wrote.
If the trigger time is set to immediately, the bug will not be activated.
P.S. This bug does not occur if “Immediately” has been set inside WhatsApp Screen Lock Settings. I have tried by setting “After 1 minute”.
WhatsApp is yet to comment or provide an update on the same. The company is also testing a similar biometric authentication feature for Android users but hasn’t yet said when this will be released.
