A new class-action lawsuit accusing Meta of surreptitiously accessing users' end-to-end encrypted messages has been vehemently rejected by WhatsApp, which called the allegations baseless and untrue This article explores said whatsapp encrypt. . The messaging behemoth reaffirmed that device-based encryption using the open-source Signal protocol keeps messages private.

According to a class-action lawsuit filed in the U.S. District Court for the Northern District of California on January 23, 2026, Meta Platforms deceives more than 2 billion WhatsApp users globally by endorsing unbreakable end-to-end encryption (E2EE). Learn more Software for detecting malware Modules for hardware security Password managers: Citing anonymous whistleblowers, plaintiffs from Australia, Brazil, India, Mexico, and South Africa allege that WhatsApp stores chat contents after delivery, analyzes them internally, and allows employee access through straightforward "task" requests to engineers.

These claims, which contradict marketing claims like Mark Zuckerberg's 2014 claims and app prompts guaranteeing only recipients can read messages, are unsupported by code samples, logs, or technical evidence. The lawsuit, which could affect users in 180 countries, seeks global class certification under U.S., Canadian, or European terms and unspecified damages. Andy Stone, a spokesperson for WhatsApp's Firm Denial Meta, rejected the accusations as "categorically false and absurd," highlighting the fact that the company is unable to access message contents due to WhatsApp's ten-year use of the audited Signal protocol.

"Your WhatsApp messages are private," said WhatsApp. We encrypt them using the open-source Signal protocol. Messages are encrypted on your device before they leave it. The keys to decrypt messages are only available to the intended recipient.

WhatsApp and Meta are unable to access the message encryption keys. Any assertions to the contrary are untrue. Calling the lawsuit a "frivolous work of fiction," the company intends to pursue sanctions against Quinn Emanuel Urquhart & Sullivan and other plaintiffs' attorneys.

Find more secure messaging applications. The Signal protocol, an open-source standard that offers forward secrecy and post-compromise security via the Double Ratchet algorithm, is implemented by the Windows security software WhatsApp. To ensure that servers like Meta's handle only ciphertext, encryption takes place client-side using Curve25519 for key exchange, AES-256 in CBC mode for payloads, and HMAC-SHA256 for integrity.

Description of Features Safety Advantage Keys of Identity Long-Term CurveEach device has 25519 public/private pairs. establishes the uniqueness of the first session Prekeys and One-Time Prekeys Temporary keys for asynchronous configuration allows for key agreement without being online. Diffie-Hellman + Double Ratchet Symmetric ratchets ensures forward secrecy; if compromised, previous keys are useless.

Keys for Messages Per-message random AES-256 keys Ephemeral; derived from chain keys Group Sender Keys Fan-out encryption to members Secure multicast without central decryption i Independent audits since 2016 confirm no backdoors, though optional cloud backups (e.g., iCloud) transmit unencrypted copies if enabled. This lawsuit echoes ongoing debates on E2EE limitations like metadata collection and backup risks, without evidence of content breaches.

For metadata protection, security experts advise encrypted backups and VPNs; proprietary implementations are scrutinized in comparison to fully open alternatives such as the Signal app. WhatsApp's privacy reports may become more transparent as litigation progresses, but claims against unsupported access allegations are upheld by the protocol's math-resistant design. For daily cybersecurity updates, see LinkedIn and X.

To have your stories featured, get in touch with us.