Khaberni - The founders of WhatsApp and its current owner Meta confirm that the app relies on complete encryption between the parties, which prevents any external party from accessing the content. However, a lawsuit has cast doubt on these claims, alleging that Meta employees can fully access all sent and received messages through the app.
WhatsApp founders, Jan Koum and Brian Acton, specifically designed the messaging app around end-to-end encryption (E2EE), at a time when governments and law enforcement agencies expressed concerns about not being able to access the content.
The feature of full end-to-end encryption (E2EE) means that only the participants in the conversation have the decryption keys to the content of the messages, and although these messages are transmitted through WhatsApp servers, they are sent encrypted, and the company is not supposed to have any means to decrypt the data.
However, the class-action lawsuit alleges that these claims are false and that WhatsApp does not use end-to-end encryption, and according to the text of the lawsuit, Meta and WhatsApp stores the encrypted user communications and have unlimited access to them, contrary to what the companies declare.
According to whistleblowers’ statements, it is very easy for Meta employees to obtain this access. All an employee has to do is send a "task" (a request via Meta’s internal system) to an engineer in the company explaining their need to access WhatsApp messages to perform their tasks.
Then the messages become available for reading almost immediately, and the scope of access includes messages from the activation of the account, including messages users believe they have deleted.
In this regard, Professor Matthew Green, a cryptography professor at Johns Hopkins University, pointed out that WhatsApp's encryption relies on the Signal protocol, although the code used is not open source, making it impossible for independent researchers to verify how it is implemented.
Green explained that the fact that WhatsApp is closed source means that it is not easy to access the source code to see if the encryption was done correctly or even implemented at all.
He added that the same situation applies to iMessage and FaceTime, as Apple does not publish the end-to-end encryption (E2EE) code as open source.
