Facebook Insists No Security ‘Backdoor’ Is Planned for WhatsApp

The company is fighting back against rumors that it would scan messages on users’ phones prior to encryption

Yael Grauer
OneZero
Published in
5 min readAug 2, 2019

--

Photo: SOPA Images/Getty Images

BBillions of people use the messaging tool WhatsApp, which added end-to-end encryption for every form of communication available on its platform back in 2016. This ensures that conversations between users and their contacts — whether they occur via text or voice calls — are private, inaccessible even to the company itself.

But several recent posts published to Forbes’ blogging platform call WhatsApp’s future security into question. The posts, which were written by contributor Kalev Leetaru, allege that Facebook, WhatsApp’s parent company, plans to detect abuse by implementing a feature to scan messages directly on people’s phones before they are encrypted. The posts gained significant attention: A blog post by technologist Bruce Schneier rehashing one of the Forbes posts has the headline “Facebook Plans on Backdooring WhatsApp.”

It is a claim Facebook unequivocally denies.

“To be crystal clear, we have not done this, have zero plans to do so, and if we ever did, it would be quite obvious and detectable that we had done it.”

“We haven’t added a backdoor to WhatsApp,” Will Cathcart, WhatsApp’s vice president of product management, wrote in a statement provided to OneZero and previously posted to Hacker News.“To be crystal clear, we have not done this, have zero plans to do so, and if we ever did, it would be quite obvious and detectable that we had done it. We understand the serious concerns this type of approach would raise, which is why we are opposed to it.”

WhatsApp is one of the most scrutinized apps in the world, a Facebook spokesman told OneZero in a phone call, adding that any kind of backdoors would be immediately obvious to the security community. There are many security experts looking at WhatsApp on a regular basis, he added.

Although the app is not open-source, security researchers can download the Android application package (APK) and use third-party tools to get readable Java…

--

--

Yael Grauer
OneZero

I’m an investigative reporter covering technology, online privacy and security, hacking and digital freedom. yael@yaelwrites.com