Pavel Durov, the founder and chief executive officer at Telegram

Telegram founder says WhatsApp messages are not secure

In his complaint post on Sunday, Mr Durov said the WhatsApp encryption feature is “giant consumer fraud”, stating that it backs up users' information on other servers.

by · Premium Times

Pavel Durov, the founder and chief executive officer at Telegram, has faulted WhatsApp’s ‘end-to-end encryption’, alleging that WhatsApp messages are not secure.

Mr Durov made the claim in an X post on Sunday, alleging that 95 per cent of private messages on WhatsApp end up in plain-text backups on Apple/Google servers.

Meanwhile, according to the information on the WhatsApp website, the end-to-end encryption is “on by default” so that only the sender and recipient can read messages, and “no one in between” (including WhatsApp) can access them.

The Meta Platforms app, WhatsApp, also explains that when a message is sent, “the only person who can read it” is the intended recipient, and not hackers, governments, or even WhatsApp itself.

“WhatsApp’s end-to-end encryption is used when you chat with another person using WhatsApp Messenger. End-to-end encryption keeps your personal messages and calls between you and the person you’re communicating with.

“No one outside of the chat, not even WhatsApp, can read, listen to, or share them. This is because with end-to-end encryption, your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them.

“All of this happens automatically: no need to turn on any special settings to secure your messages,” WhatsApp stated on its website, saying that the encryption protocol secures messages leaving users’ devices,

Concerns

In his post on Sunday, Mr Durov said the WhatsApp encryption feature is “giant consumer fraud”, stating that it backs up users’ information on other servers.

“WhatsApp’s ‘E2E encryption by default’ claim is a giant consumer fraud: ~95 per cent of private messages on WhatsApp end up in plain-text backups on Apple/Google servers — not E2E-encrypted. Backup encryption is optional, and few people enable it — let alone use strong passwords,” Mr Durov said.

Mr Durov, ex-CEO of VK, said even when users encrypt WhatsApp backups with password, the messages still end up in unencrypted cloud backups if the receivers do not have the same setting on their device.

“Even if you encrypt your WhatsApp backups with a strong password, your messages still end up in unencrypted cloud backups — because 90+ per cent of the people you message haven’t done the same. Add the fact that WhatsApp stores and discloses who you chat with, and the picture is dire,” he said.

The Telegram founder further alleged that Apple and Google disclose backed-up WhatsApp messages to third parties multiple times annually.

“Apple and Google disclose backed-up WhatsApp messages to third parties thousands of times per year. Meanwhile, Telegram hasn’t disclosed a single byte of users’ messages in its entire 12+ year history,” he said.

NCC recommends two-factor authentication to secure WhatsAppThe security feature gives businesses and people the ability to monitor and help safeguard their most vulnerable information and networks, an official saidMary Izuaka, 04 Apr 2023

Mr Durov is not the first to raise concerns about WhatsApp encryption. Many tech experts have raised similar concerns, especially amidst reports that many governments have acquired the technology to be able to access WhatsApp messages of individuals they are interested in.

WhatsApp is used by millions of people across the world, including in Nigeria, many of whom believe that their messages are secure and cannot be read by a third party.

Reacting to Mr Durov’s post, the world’s richest man and owner of X, Elon Musk, said he agreed that WhatsApp messages were not secure. He instead advocated the use of his X platform for secure messaging.

“True, use Chat/DMs instead!” Mr Musk wrote.