Over the past few years, Telegram founder Pavel Durov has waged a sort of “battle” against WhatsApp, highlighting its security and privacy problems.
Durov has always been very attentive to issues of privacy and freedom of speech more generally, having a libertarian view of politics and economics, considering the rights of the individual to take priority over everything.
WhatsApp, started in 2009 by two Yahoo employees, was purchased by Meta in 2014, and it is a fact that Mark Zuckerberg’s companies base their business on aggregating data and reselling it to advertisers. However, what Pavel Durov highlights are WhatsApp’s security problems: just a few weeks ago a new vulnerability was discovered that allows remote code to be executed, compromising the victim’s smartphone.
Hackers could have full access (!) to everything on the phones of WhatsApp users.
This was possible through a security issue disclosed by WhatsApp itself last week. All a hacker had to do to control your phone was send you a malicious video or start a video call with you on WhatsApp. You are probably thinking “Yeah, but if I updated WhatsApp to the latest version, I am safe, right”?
A WhatsApp security issue exactly like this one was discovered in 2018, then another in 2019 and yet another one in 2020 (tap each year’s link to see the corresponding vulnerability). And yes, in 2017 before that. Prior to 2016, WhatsApp didn’t have encryption at all.
Every year, we learn about some issue in WhatsApp that puts everything on their users’ devices at risk. Which means it’s almost certain that a new security flaw already exists there. Such issues are hardly incidental – they are planted backdoors. If one backdoor is discovered and has to be removed, another one is added (read the post “Why WhatsApp will never be secure” to understand why).
It doesn’t matter if you are the richest person on earth – if you have WhatsApp installed on your phone, all your data from every app on your device is accessible, as Jeff Bezos found out in 2020. That’s why I deleted WhatsApp from my devices years ago. Having it installed creates a door to get into your phone.
I’m not pushing people to switch to Telegram here. With 700M+ active users and 2M+ daily signups, Telegram doesn’t need additional promotion. You can use any messaging app you like, but do stay away from WhatsApp – it has now been a surveillance tool for 13 years.
Of course, we know that somehow it is “normal” to find vulnerabilities in applications and software, but what Durov points out is the fact that these serious security problems on WhatsApp are recurring-this in fact cannot be underestimated.
Durov consider WhatsApp a spyware: “Looking back, there hasn’t been a single day in WhatsApp’s 10-year journey when this service was secure” he tells in his 2019 article titled “Why WhatsApp will never be secure.”
Durov also claims that WhatApp shares data (and logs) with the Meta universe for advertising purposes, as well as containing backdoors that allow partial device compromise.
Unlike Telegram, WhatsApp is not open source, so there’s no way for security researchers to easily check whether there are backdoors in its code. Not only does WhatsApp not publish its code, they do the exact opposite: WhatsApp deliberately obfuscates their apps’ binaries to make sure no one is able to study them thoroughly.
WhatsApp and its parent company Facebook may even be required to implement backdoors – via secret processes such as FBI gag orders. It’s not easy to run a secure communication app from the US. A single week our team spent in the US in 2016 got us three infiltration attempts by the FBI.