Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
The Future of Encryption: Top Post-Quantum Cryptography Solutions for 2026
July 3, 2026
Alibaba Bans Internal Use of Claude AI Over Backdoor Concerns
July 3, 2026
Apache ActiveMQ Critical Vulnerabilities Allow DoS Attacks, System Crashes
July 3, 2026
Home/CyberSecurity News/Telegram Founder Pavel Durov Calls WhatsApp’s E2E Claim “Fraud
CyberSecurity News

Telegram Founder Pavel Durov Calls WhatsApp’s E2E Claim “Fraud

Key Takeaways Telegram founder Pavel Durov has accused WhatsApp of “consumer fraud,” claiming its end-to-end encryption (E2EE) is misleading. Durov alleges that approximately 95% of...

Emy Elsamnoudy
Emy Elsamnoudy
April 13, 2026 4 Min Read
36 0

Key Takeaways

  • Telegram founder Pavel Durov has accused WhatsApp of “consumer fraud,” claiming its end-to-end encryption (E2EE) is misleading.
  • Durov alleges that approximately 95% of WhatsApp private messages are stored as unencrypted backups on Apple iCloud and Google Drive.
  • While WhatsApp offers an opt-in encrypted backup feature, it is not enabled by default, leaving most users’ chat histories vulnerable.
  • Security experts and digital rights organizations have long highlighted this “backup gap” as a significant privacy risk.

Pavel Durov, the founder of the messaging platform Telegram, has publicly leveled a serious accusation against WhatsApp, branding its widely advertised end-to-end encryption (E2EE) as “the biggest consumer fraud in history.” Durov asserts that this misrepresentation leaves the private communications of billions of users vulnerable due to unencrypted cloud backups.

Table Of Content

  • Key Takeaways
  • The Critical Security Risk of the Backup Gap
  • What You Should Do

In a post published on April 9, 2026, Durov claimed that a staggering 95% of private messages exchanged on WhatsApp ultimately reside as plain-text files on Apple iCloud and Google Drive servers. This storage, he argues, falls entirely outside the protective scope of WhatsApp’s E2EE architecture.

The core of Durov’s argument revolves around a long-identified structural vulnerability that security researchers and digital rights advocates have been flagging for years. While WhatsApp ensures messages are encrypted during transit between users, cloud backups of these conversations are not encrypted by default.

WhatsApp does provide an optional feature for encrypted backups. However, users must actively navigate to their app settings to enable it and then establish either a robust password or a 64-digit encryption key. Durov contends that the vast majority of users never activate this safeguard, and even fewer implement passwords strong enough to adequately protect their backups.

WhatsApp’s “E2E encryption by default” claim is a giant consumer fraud: ~95% of private messages on WhatsApp end up in plain-text backups on Apple/Google servers — not E2E-encrypted. Backup encryption is optional, and few people enable it — let alone use strong passwords.

— Pavel Durov (@durov) April 12, 2026

The Critical Security Risk of the Backup Gap

From a technical perspective, the vulnerability originates from how WhatsApp’s E2EE architecture terminates at the device level. When a user opts for cloud backup, a feature often enabled by default, the decrypted message history is exported to either Google Drive or Apple iCloud. Here, it is stored without end-to-end encryption unless the user has explicitly configured and activated the E2EE backup option.

As highlighted by Wire’s security blog, “If you back up your WhatsApp messages to Google Drive or iCloud, those backups are not protected by WhatsApp’s end-to-end encryption unless you explicitly enable encrypted backups, which is off by default.”

This critical oversight implies that Apple, Google, and potentially law enforcement agencies or malicious actors who gain access to these cloud platforms, could read these unencrypted backups.

Durov further emphasized a compounding privacy issue: even if an individual user activates encrypted backups, their conversation partners, who may not have taken the same precaution, will generate their own unencrypted cloud copies of the shared conversation. This dynamic, he argues, significantly diminishes the overall effectiveness of individual E2EE backup adoption.

These allegations are not exclusive to Durov. A class-action lawsuit filed in the U.S. against Meta claims that WhatsApp contains a backdoor, allowing Meta employees and third-party entities access to private user messages. This directly contradicts WhatsApp’s public commitments to user privacy.

Meta has publicly dismissed these claims as “false and absurd” but has yet to offer a detailed technical rebuttal specifically addressing the identified vulnerability in its backup architecture.

The Electronic Frontier Foundation (EFF) has consistently warned about the dangers of unencrypted backups, stating they “are vulnerable to government requests, third-party hacking, and disclosure by Apple or Google employees.” The EFF has also routinely advised users against backing up secure messenger conversations to cloud services.

Durov positions Telegram as the privacy-centric alternative, asserting that it “has never disclosed a single byte of users’ messages in its 12+ year history.” However, security experts note that Telegram’s standard chats are not end-to-end encrypted by default; only its “Secret Chats” feature utilizes E2EE, making it an imperfect counterexample in its own right.

What You Should Do

  • Navigate to WhatsApp Settings → Chats → Chat Backup → End-to-end Encrypted Backup and enable this feature.
  • When setting up encrypted backups, use a strong, unique password, not a simple PIN or biometric shortcut.
  • Be aware that even if you enable encrypted backups, your conversations may still be exposed if your contacts have not enabled the same protection on their end.
  • For highly sensitive communications, consider using messaging apps like Signal, which do not support cloud backup of message history by design.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

SecurityVulnerability

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

OpenAI Warns macOS Users to Update ChatGPT and Codex Immediately

Next Post

Critical WordPress Plugin Bug Lets Attackers Bypass Auth, Gain Admin Access

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Nebula AI Platform Automates Pen Testing to Find Vulnerabilities
July 3, 2026
PureLog Stealer Uses Blogspot and PowerShell to Deliver Malware
July 3, 2026
FBI Warns TeamPCP Hackers Exploit Developer Tools in Supply Chain Attacks
July 3, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us