WhatsApp is in the midst of another data breach after attackers used Israeli spyware to infiltrate phones by calling users on WhatsApp. After facing immense criticism from its users, WhatsApp is now on the receiving end of reprove after Telegram founder Pavel Durov mouthed that WhatsApp will never be secure.
In a blog post titled “Why WhatsApp Will Never Be Secure”, Durov says every time WhatsApp has to fix a critical vulnerability in their app, a new one seems to appear in its place. Durov stresses that WhatsApp, unlike Telegram, is not open source and that’s one of the reasons why security researchers find it hard to check for backdoors inside the platform.
Not only does WhatsApp not publish its code, the company intentionally blocks their app binaries to ensure no one is able to study them. While WhatsApp doesn’t allow researches to study the app security, Durov stresses that WhatsApp and its parent company Facebook may even be required to implement backdoors – via secret processes for the FBI and other agencies.
Durov said “I understand security agencies justify planting backdoors as anti-terror efforts. The problem is such backdoors can also be used by criminals and authoritarian governments. No wonder dictators seem to love WhatsApp. Its lack of security allows them to spy on their own people, so WhatsApp continues being freely available in places like Russia or Iran, where Telegram is banned by the authorities”.
The Telegram founder also entailed that WhatsApp’s history with the lack of security has been consistent. It first came from zero encryption at its inception to the current day when it has several privacy issues. He explained “hasn’t been a single day in WhatsApp’s 10-year journey when this service was secure. That’s why I don’t think that just updating WhatsApp’s mobile app will make it secure for anyone”.
Durov said “3 years ago WhatsApp announced they implemented end-to-end encryption so no third party can access messages. It coincided with an aggressive push for all of its users to back up their chats in the cloud. When making this push, WhatsApp didn’t tell its users that when backed up, messages are no longer protected by end-to-end encryption and can be accessed by hackers and law enforcement”.
For WhatsApp to become a privacy-oriented service, Durov said the service “has to risk losing entire markets and clashing with authorities in their home country”.
The blog post also revealed how WhatsApp Founders left the company and admired that “they sold their users’ privacy” and how users are still unsafe if they’re not on WhatsApp but use Facebook or Instagram.
Durov admitted that a part of the blame also goes to Telegram as it failed to convince users to switch over from WhatsApp. “Many of those who use Telegram are also on WhatsApp, meaning their phones are still vulnerable,” said Durov. He added, “Even those who ditched WhatsApp completely are probably using Facebook or Instagram, both of which think it’s OK to store your passwords in plaintext”.
The post also detailed that recently Facebook had been copy-pasting all of Telegram’s features on to WhatsApp. Durov evened that in Facebook’s F8, Mark Zuckerberg gave a speech on privacy and speed citing Telegram’s app description word for word.