Recently WhatsApp introduced biometric authentication feature for its iOS users. Now according to a Reddit user, implementation of this update has a bug which allows anyone to access the WhatsApp without having to recognize through Face ID or Touch ID. Whatsapp also has admitted the presence of bug and said that they are working on its fixation.
This bug works only if the biometric authentication kick-in time is set to after 1 minute, 15 minutes or 1 hour. Whereas, it does not work if kick-in time is set to “immediately”. It is activated when Whatsapp Share option is used in any app. Whenever iOS Share Sheet is shared on WhatsApp, it should ask for the authentication process, Face ID or Touch ID, but it does not if any option other than ‘Immediately’ is selected from screen lock settings of Whatsapp.
If a user moves from iOS Share Screen to the home screen, and then goes back to WhatsApp's, it does not need any authentication action, and directly gives access to WhatsApp. This makes the authentication, which was expected to be a powerful privacy feature, look useless. Though it is still unclear whether its an issue in the implementation of the feature or bug is embedded in iOS.
Whatsapp’s spokesperson said that they are trying to fix the bug and has advised users to opt for “immediately” settings for kick-in time till the issue is not resolve to secure their privacy.
This bug works only if the biometric authentication kick-in time is set to after 1 minute, 15 minutes or 1 hour. Whereas, it does not work if kick-in time is set to “immediately”. It is activated when Whatsapp Share option is used in any app. Whenever iOS Share Sheet is shared on WhatsApp, it should ask for the authentication process, Face ID or Touch ID, but it does not if any option other than ‘Immediately’ is selected from screen lock settings of Whatsapp.
If a user moves from iOS Share Screen to the home screen, and then goes back to WhatsApp's, it does not need any authentication action, and directly gives access to WhatsApp. This makes the authentication, which was expected to be a powerful privacy feature, look useless. Though it is still unclear whether its an issue in the implementation of the feature or bug is embedded in iOS.
Whatsapp’s spokesperson said that they are trying to fix the bug and has advised users to opt for “immediately” settings for kick-in time till the issue is not resolve to secure their privacy.