Accusations of Misleading Encryption Claims
Telegram founder Pavel Durov has strongly criticized WhatsApp’s claims regarding its end-to-end encryption (E2EE), labeling them as a significant consumer deception. He argues that a considerable number of private messages remain unprotected, stored as plain-text backups on platforms like Apple iCloud and Google Drive.
Durov’s assertions, shared on April 9, 2026, highlight that about 95% of WhatsApp messages are susceptible because they are stored outside WhatsApp’s E2EE framework. Security experts and digital rights advocates have raised this gap as a concern.
Understanding the Encryption Loophole
The core of the problem is that while messages are encrypted during transmission, their backups are not encrypted by default. WhatsApp provides an option for encrypted backups, but the feature requires manual activation and a strong password or a lengthy encryption key, and most users never enable it.
Durov emphasizes the issue with WhatsApp’s E2EE structure, which ends at the device level. When users opt for cloud backups, the decrypted messages are stored on Google Drive or iCloud without E2EE unless users specifically enable the encrypted backup option.
This flaw means that entities with access to these cloud services, including Apple, Google, and potentially law enforcement, can access these messages.
Privacy Concerns and Legal Implications
Even if users enable encrypted backups, the privacy is not foolproof. If a user’s conversation partner does not enable the same encryption, the messages remain vulnerable. This inconsistency underscores the limited effectiveness of E2EE backups on a larger scale.
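The gap described above, as an added sketch (not WhatsApp's code or backup format): a Node.js model of what a cloud storage holder can read when a backup is uploaded in plain text versus sealed on the device with a password-derived key, including the case where only one participant opts in. The function names, the scrypt plus AES-256-GCM construction and the sample history are assumptions made for illustration.

```javascript
// Added illustration; models the trust boundary only, not WhatsApp's backup format.
const nodeCrypto = require('node:crypto');

// Constructed sample history, as it exists decrypted on a device.
const HISTORY = JSON.stringify([
  { from: 'alice', text: 'constructed sample message 1' },
  { from: 'bob', text: 'constructed sample message 2' },
]);

// Default path: the decrypted history is uploaded as-is.
function plainBackup(history) {
  return { encrypted: false, blob: Buffer.from(history, 'utf8') };
}

// Opt-in path: derive a key from the password on the device and seal the
// history with AES-256-GCM before anything leaves the device.
function encryptedBackup(history, password) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.scryptSync(password, salt, 32);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const blob = Buffer.concat([cipher.update(history, 'utf8'), cipher.final()]);
  return { encrypted: true, salt, iv, tag: cipher.getAuthTag(), blob };
}

// Restore on the owner's device; throws on a wrong password or altered blob.
function restore(backup, password) {
  if (!backup.encrypted) return backup.blob.toString('utf8');
  const key = nodeCrypto.scryptSync(password, backup.salt, 32);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, backup.iv);
  decipher.setAuthTag(backup.tag);
  return Buffer.concat([decipher.update(backup.blob), decipher.final()]).toString('utf8');
}

// What a party holding only the stored objects (no password) can read.
function readableByStorageHolder(backups) {
  return backups.filter((b) => !b.encrypted).map((b) => b.blob.toString('utf8'));
}

// A conversation is exposed if ANY participant's backup is plain text.
function conversationExposed(backups) {
  return readableByStorageHolder(backups).length > 0;
}
```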
These concerns have led to legal actions, including a class-action lawsuit in the U.S. against Meta, claiming that WhatsApp contains a backdoor allowing access to private messages, contradicting public privacy assurances. Meta has refuted these claims but has not provided a detailed explanation of the alleged vulnerabilities.
Recommendations for Enhanced Security
The Electronic Frontier Foundation (EFF) warns against unencrypted backups due to risks from government requests and unauthorized access. They advise users to enable E2EE backups through WhatsApp settings and to use strong, unique passwords.
Security experts recommend that users monitor their contacts’ backup settings and consider alternative messaging apps for sensitive communications, such as Signal, which avoids cloud backups by design.
While Durov positions Telegram as a privacy-centric alternative, it’s important to note that only its ‘Secret Chats’ feature uses E2EE by default, making it an imperfect comparison.
