WhatsApp has publicly denied allegations that its staff and contractors can access users’ encrypted messages, calling the claims false and technically impossible. The denial comes amid reports of a US government probe into the company’s privacy practices and a class-action lawsuit accusing Meta of misleading users about the security of their communications.
In a post on X (formerly Twitter), WhatsApp stated, “This is false. The US Bureau of Industry and Security has disavowed this purported investigation, calling its own employee’s allegations unsubstantiated. What these individuals claim is not possible because WhatsApp, including contractors, cannot access people’s encrypted communications.” The statement was in direct response to a viral post highlighting accusations from former Meta contractors who claimed “unfettered” access to WhatsApp chats, contradicting the app’s long-standing promise of end-to-end encryption (E2EE).
WhatsApp E2E encryption controversy: Where and how it emerged
The controversy comes from a Bloomberg report revealing that US law enforcement, specifically special agents from the Department of Commerce, had been examining these claims based on interviews with former contractors and internal records. One contractor alleged that Meta personnel could bypass encryption to view messages, prompting scrutiny from the Commerce Department’s Bureau of Industry and Security (BIS).
However, WhatsApp stated in its denial that the BIS has since rejected the validity of the probe, labelling the underlying employee’s complaints as baseless. Adding fuel to the fire, a class-action lawsuit filed in a San Francisco federal court on January 25 accuses Meta and WhatsApp of fraudulently misrepresenting their E2EE features. The suit, brought by plaintiffs from countries including Australia, Mexico, and South Africa, relies on accounts from unnamed “courageous whistleblowers” who describe an internal Meta system allowing employees to request and gain access to users’ messages via a simple “task” submission.
According to the complaint, this access occurs without additional decryption and is often granted with minimal oversight, enabling real-time and historical message viewing. The lawsuit alleges violations of US federal laws like the Wiretap Act, as well as California privacy statutes, and seeks damages for affected users worldwide.
These allegations build on earlier whistleblower disclosures, including a 2024 complaint to the US Securities and Exchange Commission (SEC) and a 2025 lawsuit by WhatsApp’s former head of security, Attaullah Baig. Baig claimed that approximately 1,500 engineers had unrestricted access to sensitive user data like contacts and IP addresses, in potential violation of a 2020 Federal Trade Commission (FTC) privacy order. While these earlier claims focused more on metadata than message content, they have eroded public trust in Meta’s handling of user data.
Meta’s response to these allegations
Meta has consistently dismissed these accusations as “absurd” and unfounded. Spokesperson Andy Stone told media outlets, “Any claim that people’s WhatsApp messages are not encrypted is categorically false and absurd.” The company reiterated that WhatsApp employs the Signal protocol for true E2EE, ensuring that only senders and recipients can read messages, with no access possible for Meta staff, contractors, or even governments. WhatsApp’s privacy policy and marketing materials have long promoted this feature, positioning the app as a secure alternative to traditional SMS.
Public reaction on social media has been skeptical, with many users expressing doubt over WhatsApp’s assurances. Replies to the company’s X post included comments questioning trust in the platform. Elon Musk, CEO of X, weighed in indirectly by promoting his platform’s chat features as a more trustworthy alternative.