A new lawsuit has sparked debate about the limits of end-to-end encryption protection in WhatsApp. The lawsuit, filed by a group of plaintiffs against Meta, accuses the company of misleading users by asserting that encryption protects data, including photos and videos, from being accessed by the company or any other parties. The lawsuit alleges that Meta and WhatsApp “store, analyze, and have access to virtually all of WhatsApp users’ purported conversations.”
These allegations sparked strong reactions from prominent figures such as Elon Musk and Pavel Durov, founder of Telegram, in addition to a clarification from WhatsApp chief Will Cathcart. The lawsuit alleges that Meta employees accessed the content of WhatsApp chats through an internal process, going beyond apparent privacy promises to users, Bloomberg reported. According to reports, employees can request to pull messages in real-time using a user ID from an engineer in Meta.
For its part, Meta strongly denied these accusations and described the lawsuit as baseless. A company spokesperson said that WhatsApp has been encrypted end-to-end using the Signal protocol for ten years, calling the lawsuit a “worthless work of fiction.”
As news of the lawsuit spread, Musk posted on the X platform: “WhatsApp is not secure, even Signal can be questioned, use XChat.” Musk’s post helped turn the dispute into a broader debate about how crypto claims fit with corporate practices and actual product behavior.
Pavel Durov criticized WhatsApp’s security after the lawsuit came to light, stating that believing the app is safe in 2026 would be illogical, according to reports. His comments reflect the ongoing competition between Telegram and WhatsApp over which platforms offer stronger privacy protections.
On the other hand, Will Cathcart, head of WhatsApp, defended the application and described the allegations as “completely false.” He stressed that WhatsApp cannot read messages because the encryption keys are stored on users’ phones, stressing that the lawsuit is baseless and aims only to attract media attention.
Even when message contents are end-to-end encrypted, privacy arguments often leave potential vulnerabilities such as cloud backups, forwarded messages, reports, and metadata “who you communicated with, when, and from where.”
To reduce risks, it is advisable to check the status of backups, review content stored in the cloud, and minimize involvement in any reporting system on the platform. WhatsApp also provides the option to encrypt end-to-end backups, which can be activated from the app settings. (seventh day)
