WhatsApp Encryption Claims Criticized by Telegram’s Durov

WhatsApp Encryption Claims Criticized by Telegram’s Durov

Posted on By CWS

Accusations of Misleading Encryption Claims

Telegram founder Pavel Durov has strongly criticized WhatsApp’s claims regarding its end-to-end encryption (E2EE), labeling them as a significant consumer deception. He argues that a considerable number of private messages remain unprotected, stored as plain-text backups on platforms like Apple iCloud and Google Drive.

Durov’s assertions, shared on April 9, 2026, highlight that about 95% of WhatsApp messages are susceptible because they are stored outside WhatsApp’s E2EE framework. This situation arises due to a gap that has been a concern for security experts and digital rights advocates.

Understanding the Encryption Loophole

The core of the problem lies in the fact that while messages are encrypted during transmission, their backups are not encrypted by default. WhatsApp provides an option for encrypted backups, but this feature requires manual activation and a strong password or a lengthy encryption key, which most users neglect to use.

Durov emphasizes the issue with WhatsApp’s E2EE structure, which ends at the device level. When users opt for cloud backups, the decrypted messages are stored on Google Drive or iCloud without E2EE unless users specifically enable the encrypted backup option.

This flaw means that entities with access to these cloud services, including Apple, Google, and potentially law enforcement, can access these messages.

Privacy Concerns and Legal Implications

Even if users enable encrypted backups, the privacy is not foolproof. If a user’s conversation partner does not enable the same encryption, the messages remain vulnerable. This inconsistency underscores the limited effectiveness of E2EE backups on a larger scale.

These concerns have led to legal actions, including a class-action lawsuit in the U.S. against Meta, claiming that WhatsApp contains a backdoor allowing access to private messages, contradicting public privacy assurances. Meta has refuted these claims but has not provided a detailed explanation of the alleged vulnerabilities.

Recommendations for Enhanced Security

The Electronic Frontier Foundation (EFF) warns against unencrypted backups due to risks from government requests and unauthorized access. They advise users to enable E2EE backups through WhatsApp settings and to use strong, unique passwords.

Security experts recommend users monitor their contacts’ backup settings and consider alternative messaging apps like Signal for sensitive communications, as it avoids cloud backups by design.

While Durov positions Telegram as a privacy-centric alternative, it’s important to note that only its ‘Secret Chats’ feature uses E2EE by default, making it an imperfect comparison.

Stay updated on cybersecurity topics by following us on Google News, LinkedIn, and X. Contact us to share your stories.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Jenkins Servers Exploited in DDoS Attacks on Valve Games Jenkins Servers Exploited in DDoS Attacks on Valve Games Cyber Security News
FortiOS Flaw Allows Bypass of LDAP Authentication FortiOS Flaw Allows Bypass of LDAP Authentication Cyber Security News
SeaFlower Campaign Targets Web3 Wallets: A Closer Look SeaFlower Campaign Targets Web3 Wallets: A Closer Look Cyber Security News
OpenAI Introduces GPT-5.4-Cyber with Advanced Security Features OpenAI Introduces GPT-5.4-Cyber with Advanced Security Features Cyber Security News
WhatsApp Introduces Passkey Encryption for Enhanced Chat Message Backup Security WhatsApp Introduces Passkey Encryption for Enhanced Chat Message Backup Security Cyber Security News
CISA Releases 13 New Industrial Control Systems Surrounding Vulnerabilities and Exploits CISA Releases 13 New Industrial Control Systems Surrounding Vulnerabilities and Exploits Cyber Security News