A security flaw has been found in the latest update to WhatsApp. The issue relates to the share sheet in iOS which in most cases can bypass the security requirement of authentication via Face ID or Touch ID. Facebook, who owns WhatsApp, has acknowledged the issue and says a fix is on its way.
Support for Face ID and Touch ID rolled into the messaging app a few weeks ago for added security. However, unless it is set to “immediately” on requiring it, you can bypass it through the share sheet in iOS. As an example, if you are in Apple News and want to share an article to WhatsApp, you can open up the share sheet and select the messaging app. You will not be prompted for Face ID or Touch ID authentication unless you have the messaging app set to immediately require it. If it is on any other setting, it will simply let you get into the messaging app without authentication.
The issue was documented on Reddit and I have been able to replicate at will.
Facebook has acknowledged the issue and is promising a quick fix in the form of an app update. In the meantime, it is recommended that you set the Face ID/Touch ID settings in the app to immediately require it so as to close this loophole. There is no official word on when there will be an update to the app to address this security flaw.
Support for Face ID and Touch ID is slowly trickling out to apps for iOS and, for the most part, works well. Security flaws like this are rare but do happen and it is always advised to have the latest version of the apps installed on your iPhone or iPad to assure if a security issue is found and fixed, you are covered.