WhatsApp users updating to the latest version of the messaging app on iOS will find a new setting lurking at the bottom of the ‘Privacy’ menu that adds support for Apple’s biometric authentication technologies.

WhatsApp adds support for Face ID/Touch ID biometric lock on iOS

WhatsApp users on iOS can now tap into Apple’s biometrics for an extra layer of security

Under the new setting, called ‘Screen Lock’, users of WhatsApp on iOS can tap through to another menu to add an additional layer of security by requiring either their facial biometric or a fingerprint to unlock the messaging app.

iPhone users are offered the ability to either ‘require Face ID’ or ‘require Touch ID’, depending on their handset hardware.

The change, in version 2.19.20 of the WhatsApp iOS app, is listed as: 

• You can now require Face ID or Touch ID to unlock WhatsApp. Tap “Settings” > “Account” > “Privacy” and enable Screen Lock.

While WhatsApp makes use of the respected Signal Protocol to protect users’ comms via end-to-end encryption, the best encryption in the world can’t offer any protection if a person gains possession of your unlocked device, as they can just open the app and read everything in plain text.

So the lack of a native lock option in WhatsApp has been a rather big security oversight, but one the messaging giant has at least now rectified on iOS.

That said, the setting is not enabled by default, and is a bit buried in the menus, so less security-savvy users are unlikely to realize it’s there.

There’s also still no native option in WhatsApp to add any kind of passcode to the app, which would offer a universal ‘extra security’ option that could work across Android and iOS. (Presumably WhatsApp’s parent Facebook isn’t a fan of the added ‘friction’ such a setting could bring.)

Although various third-party apps can be downloaded and used to require a passcode before other apps can be opened, a native passcode option would increase accessibility and shrink potential security concerns about using third-party downloads for what should really be a core function.