Telegram’s CEO has accused WhatsApp of a “consumer fraud” regarding its encryption, claiming most messages are unencrypted in cloud backups. While WhatsApp’s in-transit encryption is robust, backups to Apple and Google servers are vulnerable unless users manually enable password protection. This issue highlights a significant gap in message security, despite the app’s core encryption working as intended.
Telegram CEO Pavel Durov fired off a fresh broadside at WhatsApp this week, calling its end-to-end encryption promise a “giant consumer fraud.” His argument: roughly 95% of WhatsApp messages end up in plain-text backups on Apple or Google servers—because backup encryption is optional, and almost nobody turns it on.Durov pressed further. Even if you do encrypt your own backups, your messages still leak through the people you’re chatting with. If 90% of your contacts haven’t enabled backup encryption, your conversations are sitting unprotected on someone’s cloud server regardless.
WhatsApp’s encryption is real, just not unconditional
WhatsApp’s in-transit encryption, built on the Signal protocol, has been in place since 2016 and is technically robust. The company has consistently maintained that it cannot read your messages while they travel between devices.
That claim broadly holds. The problem isn’t the encryption itself—it’s where messages end up after they arrive.When WhatsApp backs up to iCloud or Google Drive, the encryption handoff stops. Those backups fall under Apple and Google’s own data practices, which means they can—and do—respond to legal requests. Durov claims Apple and Google hand over backed-up WhatsApp messages to third parties thousands of times every year.
A January lawsuit raised bigger questions about WhatsApp’s internal access
Durov’s criticism lands in an already charged environment. In January 2026, a class action lawsuit filed in San Francisco alleged that Meta employees could pull up WhatsApp messages in real time through an internal request system—no decryption step required. Meta called the claims “false and absurd,” and no technical evidence has been produced to back them up. The case is ongoing.WhatsApp does offer end-to-end encrypted backups as an opt-in feature, introduced in 2021. Users can lock down their backup with a password or encryption key—but awareness of the feature remains low.So Durov isn’t entirely wrong, just selectively framed. WhatsApp’s encryption works in transit. The gap is in the backup layer, and closing it takes about 30 seconds in settings—a step most users simply never take.
