Ripple effect: Questions about whether WhatsApp's encryption works as Meta describes have taken center stage in a new international lawsuit filed in a US federal court, where plaintiffs allege that Meta misled billions of users about the privacy of their messages.
Filed Friday in the US District Court for the Northern District of California, the complaint accuses Meta of overstating the security of WhatsApp's end-to-end encryption – a technology the company has long promoted as the backbone of its privacy promise.
Plaintiffs from Australia, Brazil, India, Mexico, and South Africa claim that Meta and WhatsApp can "store, analyze, and access" messages that users are told remain private. The suit asks the court to treat the case as a class action on behalf of WhatsApp users globally.
Meta, which bought WhatsApp in 2014, has rejected the allegations. Company spokesperson Andy Stone called the claims "categorically false and absurd" in an emailed statement to Bloomberg, adding that WhatsApp "has been end-to-end encrypted using the Signal protocol for a decade." Stone described the case as "a frivolous work of fiction" and said Meta intends to seek sanctions against the plaintiffs' legal team.
The Signal protocol is a cryptographic system originally developed by Open Whisper Systems and recognized across the tech industry as a gold standard for private messaging. Meta has repeatedly said that the feature is enabled by default and that only participants in a conversation can read or listen to exchanges.
The lawsuit challenges this technical guarantee, alleging that Meta's internal infrastructure undermines the principle of end-to-end encryption. According to the complaint, the company retains data that should be inaccessible even to its own servers and allows its workforce to examine message content.
Those claims are reportedly based on information from unnamed whistleblowers, though the filings don't identify them or provide details about the evidence.
Attorneys from Quinn Emanuel Urquhart & Sullivan and Keller Postman LLP represent the plaintiffs, along with Jay Barnett of Barnett Legal. None of the lawyers involved has commented publicly beyond the court filings.
For years, cryptography experts have cited the Signal protocol – also used by the Signal app – as one of the most secure frameworks for consumer messaging, relying on asymmetric encryption and forward secrecy to prevent third-party access. If the plaintiffs' claims prove accurate, the implications would reach far beyond WhatsApp and potentially challenge how encryption standards are audited and communicated to the public.