Pavel Durov Slams WhatsApp Encryption
- Pavel Durov, the founder and CEO of Telegram, has intensified his criticism of WhatsApp's security architecture, alleging that the platform's claims regarding end-to-end encryption are misleading.
- The renewed criticism follows a series of provocative statements made by Durov earlier in the year.
- Durov claimed that Telegram conducted an internal analysis of how WhatsApp implements its encryption and discovered multiple attack vectors, which are specific paths or vulnerabilities that a hacker...
Pavel Durov, the founder and CEO of Telegram, has intensified his criticism of WhatsApp’s security architecture, alleging that the platform’s claims regarding end-to-end encryption are misleading. On April 9, 2026, Durov posted on the social media platform X, describing WhatsApp’s encryption as the biggest consumer fraud in history
, claiming the service deceives billions of users by reading their messages and sharing them with third parties.
End-to-end encryption, or E2EE, is a security standard designed to ensure that only the communicating users can read the messages, preventing third parties—including the service provider—from accessing the plaintext content.
Allegations of Security Vulnerabilities
The renewed criticism follows a series of provocative statements made by Durov earlier in the year. On January 26, 2026, Durov stated on X that any individual trusting WhatsApp’s security in 2026 would have to be braindead
.

Durov claimed that Telegram conducted an internal analysis of how WhatsApp implements its encryption and discovered multiple attack vectors
, which are specific paths or vulnerabilities that a hacker could use to gain unauthorized access to a system. While Durov has not publicly released the specific technical details of these findings, his comments were amplified by Elon Musk, the owner of X, who replied True
to the post.
This is not the first instance of Durov questioning the security of the Meta-owned platform. In 2022, he stated that he had deleted WhatsApp from his own devices years prior due to his belief that hackers could easily access the devices of the app’s users.
Legal Challenges to Meta’s Privacy Claims
Durov’s assertions align with a class-action lawsuit filed in the U.S. District Court in San Francisco against Meta. The lawsuit, which involves an international group of plaintiffs from countries including Brazil, India, Mexico, South Africa, and Australia, accuses Meta of misleading users about the actual privacy of their communications.
The legal complaint alleges that Meta can access virtually all
communications despite its public promises of end-to-end encryption. Specifically, the suit alleges the existence of a backdoor
—a hidden point of entry into a system—within the app’s code. This backdoor could allegedly allow internal Meta personnel or contracted third parties to bypass encryption under certain conditions, particularly for the purpose of content moderation.
WhatsApp’s “encryption” may be the biggest consumer fraud in history — deceiving billions of users. Despite its claims, it reads users’ messages and shares them with third parties. Telegram has never done this — and never will
Pavel Durov
Meta’s Response and Industry Context
Meta has rejected the accusations brought forward in the San Francisco lawsuit. The company maintains that WhatsApp messages remain fully encrypted and are inaccessible to Meta.
The ongoing dispute highlights a broader tension in the tech industry between the demand for absolute user privacy and the pressures of content moderation and government requests for data. Durov has consistently positioned Telegram as a more privacy-centric alternative to mainstream messaging apps, emphasizing a resistance to government pressure and a commitment to user freedom.
Cybersecurity experts have noted that the technical reality of these claims is often more complex than the public rhetoric used by tech executives. However, the combination of high-profile criticisms from billionaires and active litigation in federal court has reignited global discussions regarding the transparency of encryption implementations in apps used by over 2 billion people worldwide.
