It doesn’t take a lot to be suspicious of apps like WhatsApp, especially when advertising related to topics you’re discussing – with or without the app in the middle – immediately stares you in the face. And no matter what Meta does, trust in the company, which includes WhatsApp, around protecting user data and privacy is shaky at best.
Therefore, it comes as no surprise to learn WhatsApp continues to be hounded by allegations and legal scrutiny over its user privacy standards. From competitors pointing fingers to class action lawsuits, WhatsApp finds itself once again facing the same old questions.
Social media rivals of WhatsApp have been especially accusatory. Elon Musk couldn’t be any more blunt recently when he said “Can’t trust WhatsApp.” Pavel Durov, founder and CEO of Telegram, went much further, suggesting WhatsApp’s encryption claims as “the biggest consumer fraud in history.”
Durov further alleged WhatsApp reads messages and shares them with third parties. It’s exactly the sort of rhetoric that’s meant to raise a technical dispute into a full-blown public panic in a matter of minutes.
Musk and Durov aren’t speaking in isolation, their attacks are based on a proposed US class action lawsuit filed in January 2026 against Meta and WhatsApp. The lawsuit (which includes Indian citizens) alleges that WhatsApp misled billions of users by claiming their messages were protected by end-to-end encryption (E2E). At the same time, WhatsApp supposedly allows internal employees, contractors, and other third parties to access private communications of its users.
More explosively, the lawsuit claims WhatsApp has a hidden “kleptographic backdoor,” which allows Meta workers the ability to request access and then read message content of any WhatsApp user. It takes direct aim at public faith in Meta as a company, using WhatsApp as the stick.
There is another allegation against WhatsApp in this legal battle that is more technically grounded: metadata. According to the class action lawsuit, Signal Protocol used by WhatsApp only protects message content, not all surrounding metadata. That means who contacted whom, when, and from where can still be visible to WhatsApp.
Also read: From Pegasus to CVE-2025: 3 times WhatsApp faced critical security issues
Then there are the older accusations against WhatsApp, which deals with what E2E actually protects. Most notable of these is ProPublica’s 2021 investigation, which showed WhatsApp relied on large moderation teams to review content users reported. Long story short, it raised real questions about privacy expectations, but not decisive proof that WhatsApp’s core encryption was fake.
And that is precisely where independent cryptographers step in. Experts contacted by Decrypt said they don’t see how Meta can routinely access the plaintext of WhatsApp messages the way the lawsuit claims.
In fact, Johns Hopkins cryptographer Matthew Green argued there’s greater risk of WhatsApp chats being compromised from cloud backups stored with Apple or Google, and he did separately suggest that WhatsApp’s backup architecture can indeed weaken privacy in some configurations. But that remains a very different accusation from the lawsuit’s claim of effortless universal access by Meta itself. WhatsApp, for its part, has called the case meritless and absurd.
Also read: WhatsApp message encryption explained: What is the Signal protocol?