WhatsApp just got a neat new security feature on iOS. With version 2.19.20, iPhone and iPad users can now lock the app using their devices’ biometric locks — Touch ID on iPhone 5-8 and Face ID on the many models of iPhone X. Adding the lock requires you to re-authenticate yourself every time you open the app, even if your iPhone never locked.
It’s a really nice feature if you’re the kind of person who lends people your phone, or has nosy friends and relatives who want to see your private conversations, or swipe through your photo library uninvited.
Setting this new feature up is also incredibly easy. In WhatsApp, click on the “Settings” tab and go into the “Privacy” menu. Scroll down and click “Screen Lock”, then toggle it on. In the Screen Lock menu, you can also set the interval for how long you’d like WhatsApp to wait before requiring you to log in again.
Given how easy it is to log in with your thumb or face, it’s probably best to just go for “immediately”, which is the most secure option.
There is a catch, though. Even with Screen Lock, you can reply directly to incoming messages through notifications, and answer incoming voice calls without unlocking the app. The extent to which someone could exploit these loopholes is limited: if you try to access another part of the app through the voice call screen, you are asked to unlock the app.
The same applies to your chat history with text notifications. Still, the fact of the matter is that, even with this feature, the app is not completely locked down.
There is a way to prevent unauthorised users from bypassing the app lock in text notifications, though. Disabling message previews in iOS’ System Preferences prevents you from replying to your chats outside of WhatsApp and, by extension, prevents other people from sending replies without your permission (and hand or face).
To do this, open the Settings app and scroll down to the settings for WhatsApp. Click on it, select “Notifications” and set “Show Previews” to “Never”. There is a trade-off, of course: Now you won’t be able to read messages from people at a glance, but if you truly wish to keep your conversations secret, you probably shouldn’t have that feature turned on, anyway.
Unfortunately, there doesn’t seem to be a way to force WhatsApp to verify your fingerprint or face before accepting a call.
Even with that exposure, a biometric app lock is a huge security improvement for WhatsApp. I’m keeping my fingers crossed that more iOS apps adopt it or, better yet, Apple adds App- or even file-specific biometric locks to iOS on the system level.