WhatsApp is determined to beat the backlash that has hit the platform this year—even if it has backtracked on its promise not to delete accounts. And so now, to stop you leaving, WhatsApp has issued a serious warning for the millions of you angered by its data harvesting and forced change of terms. Here’s what you need to know.
WhatsApp’s 2021 has proven that when it comes to messaging, bigger is best. Facebook’s flagship messenger has ridden out the storms of protest that followed Apple’s exposure of its alarming data collection and an ill-judged change of terms that is now being forced on its 2 billion users worldwide.
Size and scale gave WhatsApp the confidence to stubbornly ignore the protests. You can forget the pithy graphics and folksy messages that were tweeted in the aftermath of the media meltdown over Facebook’s apparent meddling in WhatsApp’s back end. This is a tech giant that is not listening, because it knows that, ultimately, it can bulldoze through crises with PR and scale. It has also been helped by the limited alternatives available. But, leaving nothing to chance, it has now gone on the attack.
Playing the security card, we have already seen a (misleading) warning from Facebook over iMessage security. And now WhatsApp has gone further, warning tens of millions of angry users that they risk their private messages being read. The headlines in the last week have focused on WhatsApp appearing to backtrack on its promise not to delete accounts where users refuse to accept new terms. This security warning did not get the same attention—but it’s a much more serious risk for you to worry about.
WhatsApp currently tops the download charts for both iPhone and Android—but, more interestingly, its most serious competition has dropped away. Signal surged after WhatsApp’s backlash, fueled by media headlines. But that rush of installs has faded. Beyond its Facebook Messenger stablemate, WhatsApp has two serious competitors—iMessage and Telegram. And it has attacked both as it has defended its position.
WhatsApp has been single-minded in its defense since January. Security, security, security. Ignore data collection and privacy, ignore the Facebook factor, and focus on the security credentials on which it built its brand. We can’t read your messages, it has stressed. Nothing will ever compromise our end-to-end encryption, it has promised. You don’t need to worry about metadata, your private information is safe with us.
WhatsApp clearly understands that it cannot attack Signal over security—it is bettered by the smaller platform on that front. But it has relied on the network effect to solve its Signal problem. Despite the millions of installs, there are not enough Signal users to present a serious threat to WhatsApp’s user base any time soon. And that is especially true now that Signal’s surge in new installs has started to fade.
iMessage, though, is different. “I want to highlight that we increasingly see Apple as one of our biggest competitors,” Facebook CEO Mark Zuckerberg said back in January, as the WhatsApp backlash swirled. “iMessage is a key linchpin of their ecosystem—which is why iMessage is the most used messaging service in the U.S.”
Zuckerberg went on to present the misleading charge that “iMessage stores non-end-to-end encrypted backups of your messages by default unless you disable iCloud… I think that WhatsApp is clearly superior.” I have commented before on why this is not correct and risks misleading millions of users. But it’s a powerful charge to make.
Ultimately, it’s the network effect again that protects WhatsApp against iMessage. Apple’s messenger has the best security architecture of all, but it is limited to its own users, for others iMessage reverts to SMS—and SMS is a disaster. Google is updating Android’s stock messenger with RCS and even beta-testing end-to-end encryption. But Apple isn’t playing along—and so, for cross-platform WhatsApp, this is not a problem.
Which brings us to Telegram—the only credible threat to WhatsApp’s dominance. Telegram now has more than 500 million users, and, like WhatsApp, it goes to market on its self-proclaimed security and privacy credentials. It also offers multi-platform and multi-device access, seamless cloud-driven messaging across all those endpoints, and a host of other rich messaging features. Telegram has targeted unhappy WhatsApp users even more blatantly than Signal, updating its platform to enable WhatsApp users to transfer their entire chat histories across.
“We’ve had surges of downloads before,” Telegram founder Pavel Durov said, as he welcomed 25 million new users prompted to install the app following WhatsApp’s backlash. “But this time is different.”
But Telegram is a world away from WhatsApp when it comes to security. Telegram provides a cloud-centric architecture instead of end-to-end encryption. All your messages are stored on Telegram’s cloud, and with the exception of limited secret messaging between two individuals on just one device apiece, Telegram holds the decryption keys to all that content. Yes, Telegram assures that internal policies prevent that content from being accessed, but there are no technical impediments.
For this reason, I have repeatedly warned users that moving from WhatsApp to Telegram over security concerns makes no sense, and the idea that you would transfer your secured message history from WhatsApp to Telegram’s cloud, under Telegram’s encryption to which it has the key, is a dangerous step to take.
Ironically, Telegram has always attacked WhatsApp over security, describing it as “dangerous.” Unsecured cloud backups on Android and iOS, for example. But the stark truth for Telegram is that, when it comes to everyday messaging, WhatsApp’s security is far superior. Until now, WhatsApp hasn’t really worried about Telegram—despite its hundreds of millions of users, it has always been surprisingly niche, popular in some markets but not really a threat in most. That’s what is now different.
Telegram can play the network effect against WhatsApp—it is big enough to do that. It has a large enough user base that most of us will have contacts on Telegram, and that became much more acute with the tens of millions of new sign-ups that Telegram boasted in the aftermath of WhatsApp’s recent issues. WhatsApp has now warned those tens of millions of people that they are putting their security at risk.
“We’ve seen some of our competitors try to get away with claiming they can’t see people’s messages,” WhatsApp warned last week. “If an app doesn’t offer end-to-end encryption by default that means they can read your messages.” Telegram was not named, but it was the obvious target of that warning—the tens of millions of users that have quit WhatsApp for Telegram. And it’s a warning that should be taken seriously.
Let’s go back to that competitor set. If Signal is now lagging given that network effect, if iMessage is relatively stable but unable to penetrate the cross-platform market, then WhatsApp just needs to see off Telegram to beat the backlash. Telegram is vulnerable over its lack of default end-to-end encryption. WhatsApp will maintain its stance to ride this out. In doing so, it will likely expect most users to stay, and those that play with alternatives to eventually forget about the hidden metadata issue and return.
Little was made of that warning last week, with headlines instead focusing on WhatsApp steadfastly refusing to backdown on the impending change to its service terms. WhatsApp promised on January 15 that “users [will] have plenty of time to review and understand the terms. Rest assured we never planned to delete any accounts based on this and will not do so in the future.”
But it is now clear that this is effectively exactly what will happen in May, for users that do not accept the new terms. “WhatsApp will not delete your account,” it now says, “however, you won’t have full functionality of WhatsApp until you accept.” By limiting accounts, WhatsApp will likely cause those accounts to become “inactive.” And, as WhatsApp says, “accounts are generally deleted after 120 days of inactivity.”
WhatsApp has also confirmed its refusal to backdown on metadata. You’ll have seen the alarming comparisons between WhatsApp, iMessage, Signal and Telegram. “Other apps,” WhatsApp has now told users, “say they’re better because they know even less information than WhatsApp—we believe people are looking for apps to be both reliable and safe, even if that requires WhatsApp having some limited data.”
Unfortunately, it’s not “limited data,” it’s a staggering list of metadata when compared to the others, bar Facebook Messenger—the fact that it’s Facebook’s two platforms that standout is hardly surprising. But it does undermine WhatsApp’s argument that it can be trusted, as does the clever wording changes between January 15 and now, that will mean nothing to those who lose use of their accounts if they don’t accept new terms.
My advice to WhatsApp users remains the same—for now. You can continue to use the app—the changed terms of service are not a personal privacy or security issue, they simply enable Facebook’s business customers to more easily communicate with you over WhatsApp. But you should check out other options in parallel, and my recommendation, as always, is that Signal is the best of these.
But, that said, WhatsApp’s refusal to take the backlash into consideration is poor—its only concession has been added time and a softer PR push. The facts, though, remain the same. WhatsApp has not presented any decent argument for the amount of data it collects, leaving itself open to Facebook-type allegations of avaricious harvesting. It should have reviewed the situation and made changes. It did not. And so, while my advice remains the same, it is time to start thinking about switching to another app.