WhatsApp's Encryption Stack: What It Covers, What It Doesn't, and What a Federal Agent Spent 10 Months Investigating

WhatsApp uses the Signal Protocol for message encryption. The protocol is solid -- Double Ratchet algorithm for forward secrecy, Curve25519 for key exchange, AES-256 for message encryption, HMAC-SHA256 for authentication. Researchers from Oxford, Queensland University of Technology, and McMaster University formally analyzed it in 2016 and found it cryptographically sound. If you're evaluating WhatsApp's encryption, the in-transit piece holds up.

The rest of the stack is a different story.

This became a legal matter on May 21, when Texas AG Ken Paxton filed suit against Meta and WhatsApp under the Texas Deceptive Trade Practices Act, alleging the companies misled users about the scope of their privacy protections. Meta's response: "WhatsApp cannot access people's encrypted communications and any suggestion to the contrary is false." Both things can coexist -- real encryption in transit, and a privacy profile that doesn't match the marketing -- which is exactly what makes this worth breaking down technically.

The protocol vs. the implementation

The Signal Protocol library WhatsApp uses is open source, publicly reviewed, formally analyzed. That part is trustworthy. What isn't open to independent verification is WhatsApp's complete implementation -- the app code, server-side infrastructure, and key management systems. Security researchers can analyze the published whitepaper and reverse-engineer traffic patterns, but they cannot audit whether the implementation matches the protocol's guarantees end-to-end, whether server-side behaviors create exceptions, or whether the trust model in the documentation reflects what the system actually does.