Bleeping Computer

WhatsApp device linking abused in account hijacking attacks

Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing. This type of attack does not require any authentication ...
Ars Technica

Russia-aligned hackers are targeting Signal users with device-linking QR codes

I honestly do not see what other method should be used. QR codes are pretty good to transfer information locally. I mean sure, you could ask the user to type it, but I do not think that is practical ...