Pavel Durov, founder and chief executive of Telegram, has criticised the security of WhatsApp, claiming that most user messages may not be as protected as widely believed — an assertion the company disputes.
In a post published Sunday on social media platform X, Durov described WhatsApp’s end-to-end encryption as a “giant consumer fraud,” alleging that a significant portion of private messages are ultimately stored in unencrypted cloud backups.
He claimed that around 95 percent of WhatsApp messages end up in plain-text backups hosted on servers operated by Apple and Google, arguing that this undermines the platform’s core privacy assurances.
“Backup encryption is optional, and few people enable it — let alone use strong passwords,” Durov said, adding that even when one user enables encrypted backups, messages could still be exposed if recipients do not apply similar protections on their own devices.
WhatsApp, owned by Meta Platforms, maintains that its end-to-end encryption system ensures that only the sender and recipient can read messages sent through the platform.
More Read
According to information published on its website, the feature is enabled by default and prevents third parties — including WhatsApp itself — from accessing the content of communications.
“With end-to-end encryption, your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them,” the company says, adding that messages are protected as they travel between devices.
However, the debate highlights a key distinction often raised by cybersecurity experts between messages in transit and data stored in backups.
More Read
While end-to-end encryption protects messages as they are sent and received, backups stored on cloud services may not always be encrypted unless users explicitly activate additional security settings.
Durov also alleged that Apple and Google comply with thousands of requests annually to disclose user data from cloud backups, though he did not provide specific evidence to support the claim.
He contrasted this with Telegram, saying the platform had “not disclosed a single byte” of user messages in its more than 12 years of operation — a claim that could not be independently verified.
The remarks add to longstanding concerns among privacy advocates about messaging security, particularly as governments worldwide increasingly seek access to digital communications for law enforcement and national security purposes.
Elon Musk, owner of X, voiced support for Durov’s criticism, saying he agreed that WhatsApp messages were not secure and promoting X as an alternative platform for private communication.
WhatsApp remains one of the world’s most widely used messaging services, with billions of users globally, including across Africa, where it is a dominant tool for both personal and business communication.
More Read
Analysts note that despite recurring debates over privacy, user behaviour — such as enabling secure backups and using strong passwords — plays a crucial role in determining how well messages are protected.
They add that while no digital platform can guarantee absolute security, awareness of how features like cloud backups function is essential for users seeking to safeguard sensitive information.
