Telegram Founder Pavel Durov Calls WhatsApp’s E2E Claim “Fraud
Key Takeaways Telegram founder Pavel Durov has accused WhatsApp of “consumer fraud,” claiming its end-to-end encryption (E2EE) is misleading. Durov alleges that approximately 95% of...
Key Takeaways
- Telegram founder Pavel Durov has accused WhatsApp of “consumer fraud,” claiming its end-to-end encryption (E2EE) is misleading.
- Durov alleges that approximately 95% of WhatsApp private messages are stored as unencrypted backups on Apple iCloud and Google Drive.
- While WhatsApp offers an opt-in encrypted backup feature, it is not enabled by default, leaving most users’ chat histories vulnerable.
- Security experts and digital rights organizations have long highlighted this “backup gap” as a significant privacy risk.
Pavel Durov, the founder of the messaging platform Telegram, has publicly leveled a serious accusation against WhatsApp, branding its widely advertised end-to-end encryption (E2EE) as “the biggest consumer fraud in history.” Durov asserts that this misrepresentation leaves the private communications of billions of users vulnerable due to unencrypted cloud backups.
Table Of Content
In a post published on April 9, 2026, Durov claimed that a staggering 95% of private messages exchanged on WhatsApp ultimately reside as plain-text files on Apple iCloud and Google Drive servers. This storage, he argues, falls entirely outside the protective scope of WhatsApp’s E2EE architecture.
The core of Durov’s argument revolves around a long-identified structural vulnerability that security researchers and digital rights advocates have been flagging for years. While WhatsApp ensures messages are encrypted during transit between users, cloud backups of these conversations are not encrypted by default.
WhatsApp does provide an optional feature for encrypted backups. However, users must actively navigate to their app settings to enable it and then establish either a robust password or a 64-digit encryption key. Durov contends that the vast majority of users never activate this safeguard, and even fewer implement passwords strong enough to adequately protect their backups.
WhatsApp’s “E2E encryption by default” claim is a giant consumer fraud: ~95% of private messages on WhatsApp end up in plain-text backups on Apple/Google servers — not E2E-encrypted. Backup encryption is optional, and few people enable it — let alone use strong passwords.
— Pavel Durov (@durov) April 12, 2026
The Critical Security Risk of the Backup Gap
From a technical perspective, the vulnerability originates from how WhatsApp’s E2EE architecture terminates at the device level. When a user opts for cloud backup, a feature often enabled by default, the decrypted message history is exported to either Google Drive or Apple iCloud. Here, it is stored without end-to-end encryption unless the user has explicitly configured and activated the E2EE backup option.
As highlighted by Wire’s security blog, “If you back up your WhatsApp messages to Google Drive or iCloud, those backups are not protected by WhatsApp’s end-to-end encryption unless you explicitly enable encrypted backups, which is off by default.”
This critical oversight implies that Apple, Google, and potentially law enforcement agencies or malicious actors who gain access to these cloud platforms, could read these unencrypted backups.
Durov further emphasized a compounding privacy issue: even if an individual user activates encrypted backups, their conversation partners, who may not have taken the same precaution, will generate their own unencrypted cloud copies of the shared conversation. This dynamic, he argues, significantly diminishes the overall effectiveness of individual E2EE backup adoption.
These allegations are not exclusive to Durov. A class-action lawsuit filed in the U.S. against Meta claims that WhatsApp contains a backdoor, allowing Meta employees and third-party entities access to private user messages. This directly contradicts WhatsApp’s public commitments to user privacy.
Meta has publicly dismissed these claims as “false and absurd” but has yet to offer a detailed technical rebuttal specifically addressing the identified vulnerability in its backup architecture.
The Electronic Frontier Foundation (EFF) has consistently warned about the dangers of unencrypted backups, stating they “are vulnerable to government requests, third-party hacking, and disclosure by Apple or Google employees.” The EFF has also routinely advised users against backing up secure messenger conversations to cloud services.
Durov positions Telegram as the privacy-centric alternative, asserting that it “has never disclosed a single byte of users’ messages in its 12+ year history.” However, security experts note that Telegram’s standard chats are not end-to-end encrypted by default; only its “Secret Chats” feature utilizes E2EE, making it an imperfect counterexample in its own right.
What You Should Do
- Navigate to WhatsApp Settings → Chats → Chat Backup → End-to-end Encrypted Backup and enable this feature.
- When setting up encrypted backups, use a strong, unique password, not a simple PIN or biometric shortcut.
- Be aware that even if you enable encrypted backups, your conversations may still be exposed if your contacts have not enabled the same protection on their end.
- For highly sensitive communications, consider using messaging apps like Signal, which do not support cloud backup of message history by design.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.