(Image: DenPhotos/Shutterstock.com). Unsubstantiated claims have circulated in the US for months alleging that WhatsApp can access completely encrypted content. Texas has now filed a lawsuit. The US state of Texas has sued Meta over unproven allegations that Meta employees can view encrypted content on WhatsApp. Attorney General Ken Paxton made this public and stated that assurances that communication on WhatsApp is completely private and inaccessible are “obviously false.” The lawsuit claims that WhatsApp, on the contrary, has access to “practically all” allegedly private content. The claim is based on conclusions drawn by an investigator from the US Department of Commerce who claimed to have discovered exactly this. However, there is no evidence for this, and experts have long cast doubt on the allegations. Meta has also disputed them.
The basis of the lawsuit is primarily a statement from a special investigator who looked into allegations for the US Department of Commerce last year that Meta can view encrypted WhatsApp content. This was based on statements from former employees and information from a whistleblower, Bloomberg reported [1]. However, the investigation was abruptly halted at the end of April, allegedly on orders from senior leadership. This leaves it unclear what evidence was gathered during the investigation. According to the financial news service, two interviewed individuals claimed that during their content moderation work for a contractor, they had broad access to WhatsApp messages.
Backdoor difficult to conceal. The credibility of these statements was already heavily questioned at the time. Former Meta security chief Alex Stamos called them “almost certainly false,” as quoted by Bloomberg. While he could no longer personally vouch for WhatsApp’s code content, such a backdoor would have had to exist for years and would have been downloaded on Android or iOS. There it would easily be found by security researchers. Moreover, such a backdoor would be an enormously lucrative attack vector that Meta would never leave open for contractors.
In a detailed blog post [2] in February, renowned security researcher Matthew Green dismantled the allegations and explained that WhatsApp’s end-to-end encryption and that of other messengers must fundamentally take place on the user’s device. Any backdoor would therefore have to be built right there, and WhatsApp would consequently be caught. With near certainty it would be found in the code, exposing WhatsApp and Meta to “new and exciting forms of ruin.” He suggests the claims may be based on a misunderstanding: when users report content to Meta, for example for harassment, they transmit it in plain text. This is why moderators can see it.
Ken Paxton now sees this differently and states [3] that the lawsuit is intended to ensure that WhatsApp does not mislead its users. The politician from the Republican party is in the middle of a primary campaign for a US Senate seat, with a runoff election taking place in a few days. He already made headlines in February with a lawsuit against TP-Link. In that case, he accused the router manufacturer of misleading advertising and enabling the Chinese Communist Party to access devices in American homes. A Meta spokesman categorically rejected the now-raised allegations and assured that they would defend themselves in court. The lawsuit [4] with case number 26-0393 was filed in Harrison County, Texas.
(mho [6]). URL of this article:. https://www.heise.de/-11303299. Links in this article:. https://www.bloomberg.com/news/articles/2026-04-28/us-ends-investigation-into-claims-whatsapp-chats-aren-t-private?link_source=ta_bluesky_link&taid=69f0e20cc7731a0001bc0d1d&utm_campaign=trueanthem&utm_content=business&utm_medium=social&utm_source=bluesky. https://blog.cryptographyengineering.com/2026/02/02/whatsapp-encryption-a-lawsuit-and-a-lot-of-noise/. https://www.texasattorneygeneral.gov/news/releases/attorney-general-paxton-files-landmark-lawsuit-against-meta-and-whatsapp-lying-about-privacy. https://www.texasattorneygeneral.gov/sites/default/files/images/press/WhatsApp%20Petition.pdf. https://www.heise.de/newsletter/anmeldung.html?id=ki-update&wt_mc=intern.red.ho.ho_nl_ki.ho.markenbanner.markenbanner. mailto:mho@heise.de. Copyright © 2026 Heise Medien
heise security News