Elon Musk says WhatsApp is 'not secure' as lawsuit alleges the app has no end-to-end encryption

Elon Musk has posted on X (formerly Twitter) that "WhatsApp is not secure. Even Signal is questionable. Use X chat"

The post comes after WhatsApp, the global messaging app giant, faces a legal firestorm in a US district court.

As per a Bloomberg report, the lawsuit was filed by a group of users based in countries such as Australia, Mexico, and South Africa who claim that the platform’s security is essentially nonexistent, and that Meta employees can access private messages at will.

At the heart of the argument is the testimony of unnamed "courageous whistleblowers" who claim that the internal systems at Meta allow staff to bypass encryption via a simple internal request process.

According to the 51-page complaint, Meta workers can allegedly bypass encryption by sending a "task" through the company’s internal systems. The lawsuit claims that once an engineer approves the request, a widget becomes available on the worker’s station, allowing them to read a user’s messages in real-time using their unique User ID.

The users further allege that this access is "unlimited in temporal scope," suggesting that employees could potentially view a user's entire message history, including communications the user believes they have deleted.

However, the lawsuit has yet to provide any technical evidence to support these sensational claims. Historically, WhatsApp has maintained that encryption keys are stored only on the sender’s and recipient’s devices, making it mathematically impossible for the company to decrypt and read messages in transit.

Meta has categorically denied the allegations. A spokesperson for the company told PCMag that the claims are "false and absurd," adding that “WhatsApp has been end-to-end encrypted using the Signal protocol for a decade. This lawsuit is a frivolous work of fiction, and we will pursue sanctions against plaintiffs’ counsel."

This is not the first time WhatsApp’s privacy credentials have been questioned. In 2021, reports emerged regarding the platform’s ability to view messages that had been manually flagged for abuse by users. While this was presented as a safety feature rather than a breach of E2EE, it sparked a debate about the "metadata" the company collects, such as location and contact habits, which are not encrypted.

Telegram CEO Pavel Durov also posted on X, saying that one would have to be "braindead to believe WhatsApp is secure in 2026" 

The current lawsuit also follows a separate legal battle involving WhatsApp’s former head of security, Attaullah Baig, who alleged he faced retaliation after attempting to address "systemic cybersecurity failures" within the company.