One of WhatsApp’s claims to fame is its end-to-end encryption (EE2E)—it implemented this most secure version of encryption early on, long before most people thought about the privacy of their messages. But recently, Texas challenged the app’s claim of EE2E, claiming Meta can read user messages as plaintext. The state’s attorney general filed a complaint in mid-May, alleging WhatsApp (and parent company Meta) has access to all of its users’ communication. If true, WhatsApp would have misled its users for years.
But here’s my hot take: No one should ever treat encrypted apps as foolproof. And so by extension, this claim doesn’t really matter.
Using encryption is smart, of course. Everyone’s better off when it’s a default across all apps—it helps keeps you from becoming easier prey for bad actors. Data is being stolen constantly these days, and then used to build profiles for more personalized scams and other attacks. You should want to pre-emptively shield your info from hackers and other prying eyes. Even when you’re careful, someone else you know may not be. Your association with them could expose you to more risk.
But treating any encrypted app, even when EE2E is promised, as infallible is a mistake. That applies equally to WhatsApp and other messaging apps as much as encryption features in Windows. Vulnerabilities are always a possibility—a fact made very real recently when the YellowKey exploit for BitLocker was made public. It serves as a sharp reminder that even Microsoft, with all of its resources, can’t always implement encryption perfectly.
Chris Hoffman / Foundry
To be fully protected, you have to still think ahead—in this case, storing particularly sensitive files in encrypted folders or containers you control, like through VeraCrypt or Cryptomator. Even then, layering your protection is never a guarantee. You still have to think carefully about what you’re saving, storing, or sharing.
False representation is always concerning, particularly if you’ve trusted an app to keep sensitive messages, photos, and video clips secure. In this case, experts interviewed by Ars Technica currently believe that the Texas attorney general’s claims are unfounded. WhatsApp has been analyzed over the years, and nothing that would substantiate the legal complaint has been found. So while it’s not impossible that a backdoor could exist, it currently seems unlikely.
Overall, my advice when communicating or saving data is to ask yourself: How upset/stressed/panicked would I be if stolen by an unknown person or if it went public? Choose what you say and what you upload (or save locally) accordingly. I often think about the adage “Two people can keep a secret if one person is dead.” Saved data can’t die.