An international group of WhatsApp users has filed a lawsuit against Meta Platforms Inc., accusing the company of falsely claiming that its popular messaging service protects user privacy through end-to-end encryption.
The complaint, filed Friday in U.S. District Court in San Francisco, alleges that Meta and its WhatsApp unit “store, analyze, and can access virtually all of WhatsApp users’ purportedly ‘private’ communications,” despite repeatedly assuring users that their messages are visible only to senders and recipients. The plaintiffs accuse the company and its leadership of fraud and deceptive practices affecting billions of users worldwide.
Meta, which acquired WhatsApp in 2014 for about $19 billion, has made end-to-end encryption central to the app’s identity and marketing. The company says the feature is enabled by default and uses in-app notices telling users that “only people in this chat can read, listen to, or share” their messages.
End-to-end encryption is designed so that message content is scrambled and can be decrypted only on users’ devices, with encryption keys never accessible to the service provider. WhatsApp says it has relied for a decade on the Signal protocol, a widely respected open-source encryption system that has been reviewed by independent security researchers.
The lawsuit directly challenges those assurances. Plaintiffs from Australia, Brazil, India, Mexico and South Africa claim that Meta retains the substance of user communications and that company employees can access message content. The complaint references unnamed “whistleblowers” who allegedly revealed internal practices that undermine WhatsApp’s stated privacy protections, though it provides few details about their identities or roles.
Meta strongly rejected the claims. Company spokesperson Andy Stone called the lawsuit “frivolous” and said Meta plans to seek sanctions against the plaintiffs’ lawyers.
“Any claim that people’s WhatsApp messages are not encrypted is categorically false and absurd,” Stone said in an emailed statement. “WhatsApp has been end-to-end encrypted using the Signal protocol for a decade. This lawsuit is a frivolous work of fiction.”
Lawyers for the plaintiffs are asking the court to certify the case as a class action, which could allow them to represent large numbers of WhatsApp users globally. Attorneys listed in the filing from the firms Quinn Emanuel Urquhart & Sullivan and Keller Postman did not immediately respond to requests for comment. Another attorney for the plaintiffs, Jay Barnett of Barnett Legal, declined to comment. A representative for the plaintiffs also did not respond to questions about the allegations.
Privacy experts note that, in principle, true end-to-end encryption prevents providers from reading message content either while messages are being sent or while they are stored. However, critics have long argued that factors such as data backups, metadata collection, or internal handling of messages could weaken those guarantees if not carefully implemented.
The lawsuit adds to ongoing scrutiny of Meta’s data and privacy practices, following years of regulatory investigations and whistleblower disclosures involving other Meta platforms. So far, no independent technical evidence has been made public to substantiate the specific claims outlined in the new complaint.
The plaintiffs are seeking unspecified damages. As the case moves forward, it is likely to reignite questions about how technology companies market privacy features — and whether users can trust assurances that their digital conversations remain truly private.
