How anyone can bypass WhatsApp's Face ID, Touch ID lock
Just a few weeks back, WhatsApp had introduced biometric authentication in its iOS app. The feature allows any iPhone, iPad user to employ Face ID or Touch ID (depending on their device) and secure the messaging app. But, as it turns out, even with Apple's screen lock capabilities, WhatsApp remains vulnerable to direct third-party access, usage. Here's how.
Typically, Face ID or Touch ID security requires the user to authenticate his biometrics to access WhatsApp by verifying their face or fingerprint. However, just recently, Reddit user de_X_ter found that the lock can be bypassed if you manage to exploit a bug in the messaging platform. The user even gave step-by-step instruction to explain how that happens.
The user revealed WhatsApp bug can be triggered if the lock activation time in the app's setting is kept at after 1 minute, 15 minutes, or 1 hour, anything except 'Immediately'. Now, if you use WhatsApp Share Extension in any app, the platform won't prompt you for Face ID/Touch ID authentication - even if the set time limit has passed.
As and when WhatsApp is accessed via this, the bug activates and you can go to the home screen to access the service without authentication. Meaning, the app will open with no interference from Face ID or Touch ID.
Anyone with physical access to your iPhone can leverage this bug to open your WhatsApp and access its content. However, do note that the problem can be avoided if you choose authentication kick-in time to 'Immediately' instead of after a few minutes. This way, when you access the service from share sheet, WhatsApp will trigger Face ID/Touch ID, preventing the bug from being exploited.
We were able to verify the bug, but so far, the Facebook-owned messaging service has not acknowledged its existence. This means there's no saying when we might get a fix for this problem. You may not like having WhatsApp locked immediately, but unless the fix comes, this is the only way to avoid the issue.