New Delhi: A fresh debate has erupted over the security of popular messaging platforms, with privacy and encryption once again at the center of discussion. This time, the controversy involves messaging app WhatsApp and its end-to-end encryption claims, after Telegram founder and CEO Pavel Durov publicly called it a “giant consumer fraud.”
Durov alleged that nearly 95% of WhatsApp messages eventually end up in cloud backups hosted on Apple and Google servers, often without adequate encryption protection. According to him, the real vulnerability is not in message transmission but in how data is stored after delivery.
“Encryption Works, But Backup Layer Is Weak”
In his statement, Durov argued that WhatsApp’s end-to-end encryption only protects messages while they are being sent. Once users back up their chats to the cloud, the encryption layer no longer fully applies unless manually enabled.
He further claimed that very few users turn on encrypted backups, leaving large volumes of data potentially exposed. Even when encryption is enabled, he suggested that conversations may still be indirectly vulnerable depending on the security practices of contacts who do not activate backup protection.
WhatsApp’s Position: Core Messaging System Is Secure
On the other hand, WhatsApp has consistently maintained that its core messaging system remains fully protected by end-to-end encryption, meaning messages cannot be read during transit, not even by the company itself.
However, cybersecurity experts point out that the debate is not about message transmission but about cloud backups, where security depends heavily on user-controlled settings and external cloud providers.
FCRF Returns With CDPO, Its Premier Data Protection Certification for Privacy Professionals
Encrypted Backups Introduced in 2021
WhatsApp introduced optional end-to-end encrypted backups in 2021, allowing users to secure their chat history using a password or encryption key. Despite this, reports suggest that awareness of the feature remains low, and most users continue using default settings without additional protection.
Legal and Security Concerns Add Pressure
The issue comes amid ongoing legal scrutiny. In January 2026, a class-action lawsuit was filed in San Francisco alleging that internal systems could potentially allow WhatsApp employees limited access to user messages. The company has strongly denied these claims, calling them “false and baseless,” and the case is still under review.
Cybersecurity Experts Weigh In
Experts say the controversy highlights more of a user awareness gap than a technical failure. According to them, end-to-end encryption is effective only when both messaging and backup systems are properly secured.
They also note that while Durov’s concerns raise valid questions, labeling the system as “fraud” may be an overstatement, since the necessary security tools already exist but are not widely used.
Growing Debate on Digital Privacy
The dispute has reignited global discussions on digital privacy, data storage, and cloud security. While messaging platforms continue to emphasize the strength of their encryption systems, concerns about user data exposure and control over personal information are becoming increasingly significant.
