Meta denies allegations it doesn't keep WhatsApp messages private

WhatsApp is the most widely used messaging platform in the world, boasting three billion active monthly users as of 2025. With widespread adoption, Meta’s communication juggernaut delivers 100 billion messages per day brimming with terabytes of data that, up until recently, were believed to be safely encrypted to keep prying eyes at bay. Allegedly, that’s not the case: A new lawsuit claims WhatsApp’s encryption technology is merely a façade that hides Meta’s broad backdoor access.

Perhaps unsurprisingly, Meta “categorically” denies the claims. But while the most recent turn in the drama involved a judge tossing out a suit from WhatsApp’s former cybersecurity chief alleging the company fired him for blowing the whistle, the larger global class-action suit against Meta rolls on.

Why people love WhatsApp

WhatsApp is hugely popular for several reasons.

A full trial and an investigation will need to be conducted before the truth comes to light.

First, it’s not tied to any specific phone platform or service. Unlike Apple’s proprietary iMessage, or perhaps Blackberry Message of the past, WhatsApp works on most devices, including Apple products, Android phones, desktop computers, and more. It’s ubiquitous, making it an easy choice for users who just want to connect with their family and friends, wherever they are and whatever device they use.

Second, WhatsApp features end-to-end encryption built on Signal Protocol — the same encryption technology found in the Signal app. That means your messages, photos, videos, and other files sent through the app are private so that only you and the person you’re talking to can view them. Don’t take my word for it though. Here’s what Meta says:

When you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private — sort of like a face-to-face conversation.

With end-to-end encryption, you can be sure that your messages are safe and sound from prying eyes who wish to monetize your information or worse, right? At least, that’s what it’s supposed to mean.

The lawsuit

The new lawsuit alleges that WhatsApp isn’t as encrypted as everyone believed. Filed at the U.S. District Court by a band of whistleblowers from Australia, Brazil, India, Mexico, and South Africa, the suit claims that WhatsApp’s encryption technology can be easily thwarted by the right people within Meta’s own hallowed halls — including content moderators working through Accenture, which has been added as a defendant in the case.

Before we jump too far down the rabbit hole, the suit admits that WhatsApp doesn’t make the source code behind its encryption implementation available to the public or third-party auditors. Therefore it’s impossible to prove (or even disprove) that its encryption system is set up correctly, with no backdoor access or vulnerabilities. The public simply has to trust Meta to be honest here.

RELATED: Meta drops stunning news about its $77 BILLION VR world

David Paul Morris/Bloomberg/Getty Images (L), Nikolas Kokovlis/NurPhoto/Getty Images (BG)

So how do the whistleblowers allegedly know that users’ encrypted messages are easily accessible? They claim that a Meta engineer can simply file a request within their internal system to view a user’s ID and chat history for work purposes. Worse, they claim some celebrities, politicians, and even Meta employees are closely “tracked” by staff for “investigation.” Lastly, the suit claims that Meta tried to prevent this information from reaching the public by isolating workers into specialized groups and forcing them to sign NDAs that threatened legal action should they speak out.

If true, this would mean that practically anyone’s WhatsApp data is viewable by a limited but notable group of people within Meta and, perhaps, some moderators working through Accenture. This data could also theoretically be copied and shared with other groups outside of the company, including advertisers, bad actors, or the government. Note that there is no proof so far that Meta shared users’ information outside of the company, but its sheer accessibility would throw a spotlight on Meta’s promise that no one — including Meta itself — can see your messages.

Naturally, Meta disputes the charges laid out in the lawsuit: “Any claim that people's WhatsApp messages are not encrypted is categorically false and absurd,” the company says. “WhatsApp has been end-to-end encrypted using the Signal protocol for a decade. This lawsuit is a frivolous work of fiction and we will pursue sanctions against plaintiffs’ counsel.”

Should you abandon WhatsApp?

Just like individual people, in the court of law, companies are innocent until proven guilty. A full trial and an investigation into Meta’s encryption practices will need to be conducted before the truth comes to light. Erring on the side of caution, however, open source apps that are subject to public scrutiny and security audits are the only ones that can be tested and proven to do what they promise to do. Whether or not you wish to move away from WhatsApp is a personal choice.That said, both public-facing apps from Signal and Telegram are open source, and they’re built with security protocols that are publicly verifiable. Signal comes with end-to-end encryption enabled from the start. Telegram requires the user to enable end-to-end encryption by starting a Secret Chat. That makes either of these options stronger on private messages and data.