Pavel Durov, the founder and chief executive officer of Telegram, criticised WhatsApp's "end‑to‑end encryption" in a post on X on Sunday. Durov asserted that about 95 percent of private WhatsApp messages are stored as plain‑text backups on Apple or Google servers, calling the encryption claim "giant consumer fraud". He wrote: "WhatsApp's 'E2E encryption by default' claim is a giant consumer fraud: ~95 per cent of private messages on WhatsApp end up in plain‑text backups on Apple/Google servers — not E2E‑encrypted. Backup encryption is optional, and few people enable it — let alone use strong passwords." Durov added that even when users protect their backups with a password, messages can still be exposed because the majority of recipients do not use the same protection, and that WhatsApp logs and shares contact information. He claimed Apple and Google disclose backed‑up WhatsApp messages to third parties thousands of times a year, while Telegram has not disclosed any user messages in its 12‑year history.
WhatsApp's own website states that end‑to‑end encryption is "on by default", allowing only the sender and recipient to read messages, and that no one—including WhatsApp, hackers, or governments—can access them. The platform explains that encryption happens automatically without the need for special settings. Elon Musk, owner of X, responded to Durov's post, agreeing that WhatsApp messages are not secure and urging users to "use Chat/DMs instead!"
Pavel Durov's allegation that roughly 95 percent of WhatsApp chats end up in unencrypted cloud backups strikes at the core of the app's marketability as a private messenger. By branding the encryption claim a "giant consumer fraud", Durov challenges the trust that billions of users place in a service promoted as impenetrable.
The controversy taps into broader anxieties about data sovereignty and corporate transparency. While WhatsApp's website insists that encryption is automatic and exclusive to sender and recipient, Durov points out that backup settings are optional and that most users—especially in Africa—do not enable strong passwords. His claim that Apple and Google routinely share backed‑up messages with third parties adds a layer of corporate complicity that resonates with recent debates over cloud storage practices.
For ordinary Nigerians who rely on WhatsApp for personal, business, and political communication, the alleged exposure could mean that private conversations are vulnerable to unintended access, potentially affecting entrepreneurs negotiating deals, activists coordinating protests, and families sharing sensitive information.
The episode mirrors a growing pattern where competing platforms publicly question each other's security claims to attract users. As messaging apps vie for dominance, the emphasis on privacy becomes a key battleground, and users may increasingly migrate toward services that can substantiate their security promises.
