WhatsApp uses the Signal Protocol for message encryption. The protocol is solid -- Double Ratchet algorithm for forward secrecy, Curve25519 for key exchange, AES-256 for message encryption, HMAC-SHA256 for authentication. Researchers from Oxford, Queensland University of Technology, and McMaster University formally analyzed it in 2016 and found it cryptographically sound. If you're evaluating WhatsApp's encryption, the in-transit piece holds up.

The rest of the stack is a different story.

This became a legal matter on May 21, when Texas AG Ken Paxton filed suit against Meta and WhatsApp under the Texas Deceptive Trade Practices Act, alleging the companies misled users about the scope of their privacy protections. Meta's response: "WhatsApp cannot access people's encrypted communications and any suggestion to the contrary is false." Both things can coexist -- real encryption in transit, and a privacy profile that doesn't match the marketing -- which is exactly what makes this worth breaking down technically.

The protocol vs. the implementation

The Signal Protocol library WhatsApp uses is open source, publicly reviewed, formally analyzed. That part is trustworthy. What isn't open to independent verification is WhatsApp's complete implementation -- the app code, server-side infrastructure, and key management systems. Security researchers can analyze the published whitepaper and reverse-engineer traffic patterns, but they cannot audit whether the implementation matches the protocol's guarantees end-to-end, whether server-side behaviors create exceptions, or whether the trust model in the documentation reflects what the system actually does.

The EFF's Surveillance Self-Defense guide makes this explicit: WhatsApp's "closed-source nature makes it difficult for outside experts to confirm that the company has implemented their encryption in a secure way." The uncertainty isn't cryptographic. It's implementation-layer.

The backup problem

Cloud backups are the clearest gap, and it's entirely a product decision. By default:

• Android users backing up to Google Drive: not protected by E2EE
• iOS users backing up to iCloud: not protected by E2EE

WhatsApp shipped encrypted backup support in 2021 -- HSM-based key vault, solid engineering -- but it's opt-in and buried in settings. Most users have never touched it. The practical consequence: message content that's cryptographically protected in transit can be sitting in a plaintext cloud backup. This has been a documented law enforcement access vector for years. Obtaining unencrypted WhatsApp backups from cloud providers is one of the more reliable routes to message content precisely because the E2EE that protects messages in motion doesn't follow them into storage by default. The engineering on the encrypted backup option is solid. Shipping it as opt-in rather than opt-out is the choice that created the expsoure.

The metadata problem

E2EE protects message content. It doesn't protect metadata. WhatsApp's own privacy policy documents what gets collected: usage logs including last-seen timestamps and feature usage, device and connection information including hardware model, OS, app version, IP address, and mobile network details, and general location inferred from IP and phone settings -- all cross-refrenceable with other Meta services.

General Michael Hayden, former director of both the NSA and CIA, said it plainly at a Johns Hopkins debate in 2014: "We kill people based on metadata." The point being that communication patterns -- who, when, how often, from where -- tell a detailed story without needing message content. A messaging platform that generates this volume of behavioral telemetry is not the same as a private communication system, even if the content is encrypted.

The Commerce Department investigation

In April 2026, Bloomberg reported on a ten-month investigation inside the Commerce Department's Bureau of Industry and Security. According to Bloomberg -- which reviewed and authenticated the correspondence with multiple recipients -- a BIS special agent circulated a January 16, 2026 email to more than a dozen federal officials. The agent wrote that Meta "stores and can view WhatsApp messages" and that "there is no limit to the type of WhatsApp message that can be viewed by Meta." He described a "tiered permissions system" in place since at least 2019, with access reportedly extending to employees, contractors, and a significant number of overseas workers.

Bloomberg explicitly stated it had not independently confirmed the agent's underlying claims. Shortly after the email circulated, BIS publicly disavowed the probe and stated it was not investigating Meta or WhatsApp for export law violations. Meta denies all of it.

Two things are true simultaneously: these claims are unproven, and a ten-month federal investigation reached preliminary conclusions that directly contradict Meta's marketing, then was closed before those conclusions were formally tested. File that where it belongs -- as an open question, not a finding.

The content moderation distinction

Bloomberg also reported that two individuals performing content moderation work under contract with Accenture described having broad access to WhatsApp messages. Worth being precise about this.

When a user reports a message on WhatsApp, the platform receives that message plus the four preceding it -- five total including images and video -- along with metadata. Human reviewers evaluate it against platform policy. Meta acknowledges this. It's been independently confirmed by ProPublica. If Accenture contractors were accessing messages through this workflow, that's consistent with a documented abuse-reporting mechanism, not evidence of a systemic backdoor. The distinction matters: a moderation workflow that activates on user report is architecturally different from arbitrary access to arbitrary conversations.

What the investigation didn't resolve is whether access was strictly bounded to reported content or extended beyond it. That's the meaningful unanswered question.

Architecture comparison: Signal

If you're making a recommendation about sensitive communication channels, the comparison worth making is architectural.

Signal uses the same underlying cryptographic protocol. The differences:

• Full codebase is open source including server-side components -- independently reviewable
• Minimal data retention: Signal has disclosed in legal-process responses that it can provide only an account's creation date and the date of its most recent connection to Signal's servers
• No advertising business model creating structural incentives to expand data collection
• Security claims are independently verifiable -- WhatsApp's implementation-layer claims are not

That's an architecture argument, not a brand preference. The protocol is the same. The trust model is not.

The lawsuit context

Paxton's suit is worth noting but shouldn't be the primary frame for evaluating the technical questions. The technical gaps described above existed before anyone filed anything. Worth noting the filing landed while Paxton pursues the Republican nomination for U.S. Senate in a heated runoff -- his office has run a sustanied enforcement campaign against major tech companies, with prior settlements from Meta over biometric data collection and from Google over tracking practices, and active cases against Netflix, Snapchat, and TikTok.

Whether the case succeeds under Texas consumer protection law doesn't change the architecture. The mental model most users have -- "encrypted means private" -- maps to the protocol. The system they're actually running includes default-unencrypted backups, extensive metadata collection, an unauditable implementation, and unresolved questions about internal access.

That gap is the real issue. Courts won't close it.