Is WhatsApp end-to-end encryption a ‘giant fraud’? Telegram CEO Pavel Durov thinks so

Telegram founder Pavel Durov has slammed WhatsApp for its loopholes in security-based encryption, calling it “the biggest consumer fraud in history.”

According to the CEO, WhatsApp’s widely touted end-to-end encryption is nothing more than misleading and unsecure, leaving private messages of billions of users exposed on unencrypted cloud servers.

Taking to X, Durov posted, “95% of private messages on WhatsApp end up in plain-text backups on Apple or Google servers — not E2E-encrypted. Backup encryption is optional, and few people enable it — let alone use strong passwords.”

Given the statement, it means that Google, Apple, different agencies or malicious actors who have access to these platforms, can read or potentially misuse these backups.

It means even with a strong password protecting your WhatsApp backups, one’s private conversations can still leak into unencrypted cloud storage through the devices of your contacts.

Since the vast majority of users do not enable end-to-end encrypted backups, their interactions, including chats remain vulnerable.

“Apple and Google disclose backed-up WhatsApp messages to third parties thousands of times per year. Meanwhile, Telegram hasn’t disclosed a single byte of users’ messages in its entire 12+ year history,” Durov added.

Not only Pavel Durov, but also xAI founder Elon Musk has criticized WhatsApp for such kinds of security loopholes. In a recent post on X, Musk echoed similar concerns, stating “Can’t trust WhatsApp.”

Moreover, security groups, such as Electronic Frontier Foundation have raised similar privacy related concerns, citing “unencrypted backups are vulnerable to government requests, third-party hacking, and disclosure by Apple or Google employees.”

Besides tech moguls’ concerns, users are also highly concerned about these potential privacy threats. A US-based class-action lawsuit has been filed against Meta, alleging WhatsApp gives Meta employees and third-party entities’ unauthorized access to users’ private messages while going against public privacy assurances.

Meta’s response

In the wake of these widely circulated concerns, Meta has dismissed these allegations as “false and absurd” while assuring the users privacy protection through open source Signal protocol to encrypt them.

In response to Elon Musk's tweet, WhatsApp took to X and shared its views, "The claims in this lawsuit are categorically false and absurd. WhatsApp has been end-to-end encrypted using the Signal protocol for a decade so your messages cannot be read by anyone other than the sender and recipient."