WhatsApp Encryption Claims Criticized by Telegram’s Durov

WhatsApp Encryption Claims Criticized by Telegram’s Durov

Posted on By CWS

Accusations of Misleading Encryption Claims

Telegram founder Pavel Durov has strongly criticized WhatsApp’s claims regarding its end-to-end encryption (E2EE), labeling them as a significant consumer deception. He argues that a considerable number of private messages remain unprotected, stored as plain-text backups on platforms like Apple iCloud and Google Drive.

Durov’s assertions, shared on April 9, 2026, highlight that about 95% of WhatsApp messages are susceptible because they are stored outside WhatsApp’s E2EE framework. This situation arises due to a gap that has been a concern for security experts and digital rights advocates.

Understanding the Encryption Loophole

The core of the problem lies in the fact that while messages are encrypted during transmission, their backups are not encrypted by default. WhatsApp provides an option for encrypted backups, but this feature requires manual activation and a strong password or a lengthy encryption key, which most users neglect to use.

Durov emphasizes the issue with WhatsApp’s E2EE structure, which ends at the device level. When users opt for cloud backups, the decrypted messages are stored on Google Drive or iCloud without E2EE unless users specifically enable the encrypted backup option.

This flaw means that entities with access to these cloud services, including Apple, Google, and potentially law enforcement, can access these messages.

Privacy Concerns and Legal Implications

Even if users enable encrypted backups, the privacy is not foolproof. If a user’s conversation partner does not enable the same encryption, the messages remain vulnerable. This inconsistency underscores the limited effectiveness of E2EE backups on a larger scale.

These concerns have led to legal actions, including a class-action lawsuit in the U.S. against Meta, claiming that WhatsApp contains a backdoor allowing access to private messages, contradicting public privacy assurances. Meta has refuted these claims but has not provided a detailed explanation of the alleged vulnerabilities.

Recommendations for Enhanced Security

The Electronic Frontier Foundation (EFF) warns against unencrypted backups due to risks from government requests and unauthorized access. They advise users to enable E2EE backups through WhatsApp settings and to use strong, unique passwords.

Security experts recommend users monitor their contacts’ backup settings and consider alternative messaging apps like Signal for sensitive communications, as it avoids cloud backups by design.

While Durov positions Telegram as a privacy-centric alternative, it’s important to note that only its ‘Secret Chats’ feature uses E2EE by default, making it an imperfect comparison.

Stay updated on cybersecurity topics by following us on Google News, LinkedIn, and X. Contact us to share your stories.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Google Urgently Updates Chrome to Fix Exploited Flaws Google Urgently Updates Chrome to Fix Exploited Flaws Cyber Security News
Key Administrator of World’s Most Popular Dark Web Cybercrime Platform Arrested Key Administrator of World’s Most Popular Dark Web Cybercrime Platform Arrested Cyber Security News
Hackers Can Access Microsoft Teams Chat and Emails by Retrieving Access Tokens Hackers Can Access Microsoft Teams Chat and Emails by Retrieving Access Tokens Cyber Security News
New macOS TCC Bypass Vulnerability Allow Attackers to Access Sensitive User Data New macOS TCC Bypass Vulnerability Allow Attackers to Access Sensitive User Data Cyber Security News
UK Government Sets Timeline to Replace Passwords With Passkeys UK Government Sets Timeline to Replace Passwords With Passkeys Cyber Security News
Wealthsimple Data Breach Exposes Personal Information of Some Users Wealthsimple Data Breach Exposes Personal Information of Some Users Cyber Security News