WhatsApp Denies Lawsuit: Messages Remain Encrypted &
WhatsApp has vehemently rejected a recent class-action lawsuit. The legal action accuses parent company Meta of covertly accessing users’ end-to-end encrypted messages, claims WhatsApp...
WhatsApp has vehemently rejected a recent class-action lawsuit. The legal action accuses parent company Meta of covertly accessing users’ end-to-end encrypted messages, claims WhatsApp dismisses as false and without foundation.
The messaging giant reiterated that messages remain private through device-based encryption via the open-source Signal protocol.
A class-action complaint filed on January 23, 2026, in the U.S. District Court for the Northern District of California alleges Meta Platforms misleads over 2 billion WhatsApp users worldwide by promoting unbreakable end-to-end encryption (E2EE).
Plaintiffs from Australia, Brazil, India, Mexico, and South Africa claim WhatsApp stores chat contents post-delivery, analyzes them internally, and grants employee access via simple “task” requests to engineers, citing unnamed whistleblowers.
No code samples, logs, or technical proof accompany these assertions, which challenge marketing statements like Mark Zuckerberg’s 2014 claims and app prompts assuring only recipients can read messages.
The suit seeks unspecified damages and global class certification under U.S., Canadian, or European terms, potentially impacting users in 180 countries.
WhatsApp’s Firm Denial
Meta spokesperson Andy Stone dismissed the allegations as “categorically false and absurd,” emphasizing WhatsApp’s decade-long use of the audited Signal protocol prevents company access to message contents. WhatsApp stated: “Your WhatsApp messages are private. We use the open-source Signal protocol to encrypt them.
Encryption happens on your device; messages are encrypted before leaving your device. Only the intended recipient has the keys to decrypt messages. The message encryption keys are not accessible to WhatsApp or Meta. Any claims to the contrary are false.”
The company plans to seek sanctions against plaintiffs’ counsel from Quinn Emanuel Urquhart & Sullivan and others, calling the suit a “frivolous work of fiction.”
WhatsApp implements the Signal protocol, an open-source standard providing forward secrecy and post-compromise security through the Double Ratchet algorithm.
Encryption occurs client-side using Curve25519 for key exchange, AES-256 in CBC mode for payloads, and HMAC-SHA256 for integrity, ensuring servers like Meta’s handle only ciphertext.
| Feature | Description | Security Benefit |
|---|---|---|
| Identity Keys | Long-term Curve25519 public/private pairs per device | Establishes initial session uniqueness |
| Prekeys & One-Time Prekeys | Ephemeral keys for asynchronous setup | Enables key agreement without online presence |
| Double Ratchet | Symmetric + Diffie-Hellman ratchets | Provides forward secrecy; past keys unusable if compromised |
| Message Keys | Random per-message AES-256 keys | Ephemeral; derived from chain keys |
| Group Sender Keys | Fan-out encryption to members | Secure multicast without central decryption i |
Independent audits since 2016 confirm no backdoors, though optional cloud backups (e.g., iCloud) transmit unencrypted copies if enabled.
This lawsuit echoes ongoing debates on E2EE limitations like metadata collection and backup risks, without evidence of content breaches.
Security experts recommend encrypted backups and VPNs for metadata protection, while proprietary implementations face scrutiny versus fully open alternatives like the Signal app.
As litigation advances, it may spur greater transparency in WhatsApp’s privacy reports, but the protocol’s math-resistant design upholds claims against unsubstantiated access allegations.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
No Comment! Be the first one.