WhatsApp has released an update for its iPhone app that brings a fix for the recently discovered bug that allowed anyone to bypass the Touch ID or Face ID screen lock. Carrying the version number 2.19.22, the updated WhatsApp for iPhone is now live in App Store and it is recommended that you immediately update the app. Since WhatsApp hasn’t shared an updated changelog in the App Store, it isn’t clear if the update bring any other features, bug fixes or improvements.
Earlier this week, a Reddit user discovered that the biometric authentication implementation in WhatsApp had a bug that let anyone get access to WhatsApp without going through Touch ID or Face ID. WhatsApp later confirmed the existence of the bug in a statement to Gadgets 360 and promised to release a fix soon. That fix is now available in App Store; we installed the update and can confirm that it indeed plugs the loophole.
WhatsApp had added the biometric authentication support to its iPhone app in early-February, giving the iPhone users ability to lock their WhatsApp with Touch ID or Face ID, depending on which is available in their phone. Last week’s bug pretty much made that authentication useless. To recall, WhatsApp bug only worked when a user had selected the biometric authentication kick-in time to anything except Immediately, with the other options being After 1 minute, After 15 minutes, and After 1 hour. The bug activated when someone tried to use WhatsApp share option in iPhone share sheet. Instead of asking for authentication, WhatsApp simply let the person share what they wanted. Also, if the person jumped to the home screen from the iOS share sheet, they could open WhatsApp without any interference from Touch ID or Face ID.
WhatsApp for Android doesn’t currently have a similar biometric authentication feature, so the bug did not impact Android users.