WhatsApp end-to-end encryption lawsuit skepticism has emerged after a proposed class action accuses Meta of accessing WhatsApp messages and amid WhatsApp’s roughly three billion users.
Cryptographers and privacy lawyers have expressed skepticism about the claims and raised technical and evidentiary questions. Technologists consulted said there is no clear technical path for Meta to routinely access the plaintext of WhatsApp messages. The complaint is said to be light on factual detail about WhatsApp’s actual software.
Matthew Green said the only realistic path would be through unencrypted cloud backups stored with Google or Apple, and he added that backdoors would generally be detectable by reverse-engineering; the plaintiffs’ lack of specifics weakens the case.
Nick Doty said outsiders lack full visibility into proprietary messaging systems and that he would be surprised if the claims are accurate, and he noted that encryption is not a cure-all because malware or user reporting can expose messages even without breaking encryption.
Observers also noted the timing of the complaint as it arrives while WhatsApp is litigating against NSO Group, which is described in the record as the spyware maker behind Pegasus.
Maria Villegas Bravo said she was not seeing factual allegations or information about the actual software and said she had many questions before the lawsuit should proceed.
Technologist Matthew Green said there is no clear technical path for Meta to routinely access the plaintext of WhatsApp messages, and he identified unencrypted cloud backups with Google or Apple as the only realistic mechanism he saw for such access. He noted that “backdoors in an app are always theoretically possible,” but added that “they’d generally be detectable by reverse-engineering the app. The fact that the plaintiffs don’t demonstrate or claim anything specific is a pretty good sign that they don’t know of a backdoor, because finding a flaw like that would make their case a lot stronger.” Green’s remarks emphasize the absence of specific factual allegations about WhatsApp’s software in the complaint and characterize that absence as weakening the plaintiffs’ position.
Nick Doty cautioned that outsiders lack full visibility into proprietary messaging systems and said he would be “very surprised if the claims are accurate.” He observed that the brief description in the suit does not appear to encompass cases where only some messages are exposed, and he highlighted that the complaint seems to allege access to all messages directly by Meta. Doty also pointed out that end-to-end encryption is not a cure-all because malware or user reporting can expose messages even without breaking encryption, and he framed that limitation as relevant to assessing the plausibility of the allegations in the filing.
The complaint in the proposed class action is said to be light on factual detail about WhatsApp’s actual software. Experts are skeptical about the claims. Technologists consulted said there is no clear technical path for Meta to routinely access the plaintext of WhatsApp messages. Matthew Green said the plaintiffs’ lack of specifics weakens the case.
Maria Villegas Bravo said, “I’m not seeing any factual allegations or any information about the actual software itself.” She added, “I have a lot of questions that I would want answered before I would want this lawsuit to proceed.”
Observers noted the timing of the complaint as it arrives while WhatsApp is litigating against NSO Group.
The proposed class action accusing Meta of accessing WhatsApp messages arrives as WhatsApp is litigating against NSO Group, which is described in the record as the spyware maker behind Pegasus. The complaint was filed against the backdrop of WhatsApp’s roughly three billion users. Experts consulted have expressed skepticism about the claims and have raised technical and evidentiary questions. Technologists said there is no clear technical path for Meta to routinely access the plaintext of WhatsApp messages.
Matthew Green said the only realistic path he identified would be through unencrypted cloud backups stored with Google or Apple, and he characterized the plaintiffs’ lack of specifics about WhatsApp’s software as weakening the case. The complaint is said to be light on factual detail about WhatsApp’s actual software. Nick Doty noted outsiders lack full visibility into proprietary messaging systems and said he would be surprised if the claims are accurate. Observers highlighted the timing of the complaint in relation to the NSO Group litigation.
Cryptographers and privacy lawyers expressed skepticism about the proposed class action that accuses Meta of accessing WhatsApp messages, citing a lack of clear technical evidence and limited factual detail in the complaint. Technologist Matthew Green said there is no clear technical path for Meta to routinely access the plaintext of WhatsApp messages except potentially via unencrypted cloud backups stored with Google or Apple, and he added that “backdoors in an app are always theoretically possible” but “they’d generally be detectable by reverse-engineering” and that the plaintiffs’ lack of specifics weakens the case.
Nick Doty said outsiders lack full visibility into proprietary messaging systems and that he would be “very surprised if the claims are accurate,” and he noted that end-to-end encryption is not a cure-all because malware or user reporting can expose messages without breaking encryption. Maria Villegas Bravo said she was not seeing factual allegations or information about the actual software and said she had “a lot of questions” that she would want answered before the lawsuit proceeds.
