Lawsuit claims WhatsApp encryption is a lie; cryptography professor weighs in


Both the founders of WhatsApp and current owner Meta state that the app uses end-to-end encryption, meaning that nobody outside the chat can access the content. A lawsuit claims that this isn’t true and that anyone inside Meta can get full access to all of the messages sent or received by any WhatsApp user.

Johns Hopkins University professor and cryptographer Matthew Green has weighed in with a blog post analyzing the claims and likely reality …

WhatsApp end-to-end encryption (E2EE)

WhatsApp founders Jan Koum and Brian Acton specifically built the messaging app around end-to-end encryption (E2EE), and governments and law enforcement agencies expressed concern at the time that they would have no access to the content.

E2EE means that only the chat participants have access to the keys needed to decrypt the content of the messages. While those messages are sent via WhatsApp servers, they travel in encrypted form, and there should be no way for the company to decrypt the data.

Lawsuit claims the encryption is a lie

A class action lawsuit, however, claims that this is a lie and WhatsApp does not in fact use E2EE.

Meta’s and WhatsApp’s claim that they do not have access to the substance of WhatsApp users’ communications is false. As the whistleblowers here have explained, WhatsApp and Meta store and have unlimited access to WhatsApp encrypted communications, and the process for Meta workers to obtain that access is quite simple. A worker need only send a “task” (i.e., request via Meta’s internal system) to a Meta engineer with an explanation that they need access to WhatsApp messages for their job. The Meta engineering team will then grant access [and then] they can read users’ messages […] Messages appear almost as soon as they are communicated—essentially, in real-time. Moreover, access is unlimited in temporal scope, with Meta workers able to access messages from the time users first activated their accounts, including those messages users believe they have deleted.

Those are pretty mind-blowing claims, and it would be one of the biggest privacy scandals in tech if found to be true.

Johns Hopkins University professor weighs in
