WhatsApp launched a biometric authentication feature for its App on iOS in January, whereby users can choose to require Face ID or Touch ID authentication in order to unlock the application, as additional security measure.
But with recent findings, the new security feature isn't quite secure after all, as a bug is allowing iPhone users to bypass the security mechanism and able to launch the WhatsApp application without any verification either via Touch or Face ID through the iOS share sheet.
The security feature allowed users to set verification to be required immediately upon log-in, with the need to apply Touch ID or Face ID each time they wish to access WhatsApp, or at specific intervals which could be up to an hour.
Albeit, the security feature failed whenever a user select any interval option other than “immediately" and when users need to select WhatsApp on sharing media via the share sheet, resulting the users to be taken to the WhatsApp app, while the Touch ID or Face ID options fail to pop up for authentication.
The failure to authenticate happens if the user has set the time to enable Touch ID or Face ID for authentication to either “after one minute”, “after 15 minutes”, or “after one hour” which makes it possible for anyone to access WhatsApp without fingerprint or facial recognition.
It remains unclear if the bug is from WhatsApp end or if it is rooted in the iOS platform, however WhatsApp has responded by acknowledging the bug and promising that a fix will be available shortly. It is recommended that users should set the screen lock option to "immediately” to mitigate the flaw until a patch is made available.