Meta accused of reading WhatsApp messages, but without concrete evidence

WhatsApp faces a new class action lawsuit in the United States. She accuses Meta of having internal tools capable of accessing the content of messages despite the promise of end-to-end encryption. Cryptographers and lawyers specializing in privacy believe that the case lacks, for the moment, solid technical evidence.

A complaint that attacks the central promise of WhatsApp

The suit was filed in federal court in California. She maintains that the Metaverse company and WhatsApp have internal mechanisms allowing employees to access private messages. However, the company repeats that it cannot read them.

The choice of perimeter is telling. The plaintiffs have been targeting non-American and non-European users since 2016. The latter have profiles cited in particular from Australia, Brazil, India, Mexico and South Africa. We understand the intention: to strike where WhatsApp is a daily reflex, and not just one app among others.

The text also advances an almost psychological argument. This is because the entire infrastructure is not open source and therefore difficult to audit independently. Therefore, the user must “trust” Meta’s statements. The complaint thus mixes technical and commercial relations, adding private law grievances such as breach of contract and unfair competition.

Why cryptographers raise an eyebrow

On the technical side, the experts interviewed do not see an obvious path for Meta to “routinely” read plaintext messages on a large scale, as the complaint insinuates. It's not impossible in theory, but it would require a mechanism that leaves traces. However, the file does not present any specific element of this type.

Matthew Green, professor of cryptography at Johns Hopkins, points to a more mundane but more plausible explanation: cloud backups not end-to-end encrypted. If messages are stored at Google or Apple in usable backups, exposure can come from there, without WhatsApp “breaking” its own encryption.

Nick Doty of the Center for Democracy and Technology adopts methodological caution. He points out that a proprietary system does not offer total visibility to external observers. But he said he would be “very surprised” if the accusations were true. It highlights a key point: messages can be exposed without breaking encryption, through a compromised device or other avenues.

The place where the law requires more than suspicion

On the legal ground, the criticism is less spectacular but more trenchant. The complaint seems light on concrete facts about the software itself. Maria Villegas Bravo, an attorney at the Electronic Privacy Information Center, says she doesn't see any factual allegations about how the code actually works, and wants answers before letting the case go any further.

This is often where collective actions win or die. At the very beginning, the judge does not decide “right from wrong” like in a film. Above all, he checks whether the accusation is sufficiently detailed to justify a judicial investigation. If history resembles a hypothesis without a pattern, without a trace, without a demonstration, it can stop dead in its tracks.

And this is precisely what the experts criticize. Indeed, the accusation is aimed at something enormous, a mass reading. The bigger the promise, the more precise the proof must be. Otherwise, the trial turns into an opinion debate about trust in Meta, rather than a verifiable question about a security architecture.

The case also attracts interested comments. Pavel Durov, boss of Telegram, sees this as confirmation of past criticism against WhatsApp. Elon Musk, for his part, claims that “WhatsApp is not secure” and pushes his own encrypted messaging on X. In both cases, the statements remain unsubstantiated and specialists warn against confusing marketing and proof.