Telegram founder and CEO Pavel Durov has criticized WhatsApp’s security, saying that anyone who believes the app is secure in 2026 would have to be “braindead.” Currently, WhatsApp is facing a class-action lawsuit in the United States over its claims about end-to-end encryption and user privacy.
Durov shared his views on X, formerly known as Twitter, writing, “You’d have to be braindead to believe WhatsApp is secure in 2026. When we analyzed how WhatsApp implemented its ‘encryption’, we found multiple attack vectors.” Although he did not publicly explain these alleged weaknesses, his statement quickly gained attention. Furthermore, it reignited concerns over whether popular messaging platforms truly protect private conversations.
The comments followed a lawsuit filed in the US District Court for Northern California, which accuses WhatsApp of misleading users about the security of its end-to-end encryption. The plaintiffs include users from India, Brazil, Australia, Mexico, and South Africa. According to the complaint, Meta’s marketing of WhatsApp’s privacy features does not match how the system actually works behind the scenes.
The lawsuit claims that WhatsApp “stores, analyzes, and can access virtually all of WhatsApp users’ purportedly ‘private’ communications.” It further alleges that Meta retains the ability to decrypt messages for data analysis and internal monitoring.
— Elon Musk (@elonmusk) January 27, 2026
The filing also suggests that Meta employees can request access to user chats and that messages may appear in real time, even if users believe the content has been deleted. However, the claims have not yet been backed by publicly released technical evidence.
The controversy grew larger when Elon Musk joined the discussion. Reacting to reports about the lawsuit, Musk posted on X, saying, “WhatsApp is not secure. Even Signal is questionable. Use X Chat.” While his comment promoted his own messaging product, it added more pressure to WhatsApp. In addition, it intensified public debate over trust and privacy in digital communication.
In response to the allegations, WhatsApp strongly denied the claims. Will Cathcart, the head of WhatsApp, dismissed the lawsuit as false and misleading.
He wrote, “This is totally false. WhatsApp can’t read messages because the encryption keys are stored on your phone and we don’t have access to them. This is a no-merit, headline-seeking lawsuit brought by the very same firm defending NSO after their spyware attacked journalists and government officials.”
Meta also rejected the accusations and described the lawsuit as baseless. Company spokesperson Andy Stone said the claims were “frivolous” and “absurd.”
In a statement sent to Bloomberg, he said, “Any claim that people’s WhatsApp messages are not encrypted is categorically false. WhatsApp has been end-to-end encrypted using the Signal protocol for a decade. This lawsuit is a frivolous work of fiction.” Meta added that it plans to seek legal sanctions against the plaintiffs’ lawyers.
WhatsApp has long stated that it uses the Signal Protocol, which has undergone independent security audits confirming that messages are end-to-end encrypted by default. Under this system, only the sender and receiver are intended to be able to read messages. No access is granted to the platform itself.
