A new class-action lawsuit accuses Meta Platforms of misleading billions of WhatsApp users by claiming their messages are protected by unbreakable end-to-end encryption.
Filed in the San Francisco federal court, the suit alleges the company secretly stores, analyzes, and grants employee access to chat contents via internal tools.
Plaintiffs from Australia, Brazil, India, Mexico, and South Africa represent over 2 billion WhatsApp users across 180 countries, seeking unspecified damages for privacy fraud.
The complaint, filed last Friday in U.S. District Court for the Northern District of California, cites unnamed whistleblowers who exposed these practices but provides no technical evidence like code samples or logs.
Lawyers from Quinn Emanuel Urquhart & Sullivan, Keller Postman, and Barnett Legal aim to certify it as a global class action, potentially affecting users under U.S., Canadian, or European WhatsApp terms.
Core Allegations
The suit challenges WhatsApp’s marketing, including Mark Zuckerberg’s 2014 statements and app prompts asserting “messages and calls are end-to-end encrypted” so only chat participants can read them.
Plaintiffs claim Meta defrauds users by accessing “the substance of their communications,” which could reveal personal health data or intimate details that cannot be verified without metadata alone.
They argue that unencrypted metadata can identify users, but that stored message content undermines psychological well-being in digital relationships.
| Allegation | Details from Complaint |
|---|---|
| Message Storage | Meta stores chats post-delivery for analysis. |
| Employee Access | Internal tools let staff read “private” messages. |
| Whistleblower Insight | Unnamed sources reveal decryption capabilities. |
| Global Impact | Affects 3 billion users; seeks class certification. |
Meta spokesperson Andy Stone called the claims “categorically false and absurd,” noting WhatsApp’s end-to-end encryption via the audited Signal Protocol since 2016 prevents company access.
“WhatsApp has been end-to-end encrypted using the Signal protocol for a decade. This lawsuit is a frivolous work of fiction,” Stone stated, adding that Meta will pursue sanctions against plaintiffs’ counsel. The company emphasizes no message storage after delivery and privacy as a priority.
While E2EE secures transit, known gaps like optional cloud backups (iCloud/Google Drive) transmit unencrypted copies, enabling access if legally compelled. Metadata collection of who messages whom, when, tracks behavior without content decryption.
This early-stage case echoes debates on Signal Protocol audits (independent verifications confirm integrity) versus real-world threats like backup flaws or supply-chain risks. No breach evidence surfaced, but it underscores user skepticism amid rising surveillance concerns.
Security experts advise enabling encrypted backups and minimizing metadata via VPNs, though mass litigation could pressure transparency reports. The suit highlights tensions in proprietary E2EE versus open-source alternatives like Signal.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
