‘Delete WhatsApp unless you’re OK with surveillance,’ founder of rival Telegram messenger warns

WhatsApp is a “Trojan horse” exploited to snoop on millions of users naive enough to believe that the Facebook-owned messenger differs from its parent company, long beset by privacy scandals, Telegram founder Pavel Durov said.

In a lengthy post on his Telegram channel on Wednesday, Durov took aim at one of his brainchild’s biggest rivals – WhatsApp, the world’s leading messaging app, which became a Facebook subsidiary in 2014 and boasts some 1.5 billion monthly active users.

“Regardless of the underlying intentions of WhatsApp’s parent company, the advice for their end-users is the same: Unless you are cool with all your photos and messages becoming public one day, you should delete WhatsApp from your phone.”

The Russian-born entrepreneur pulled no punches, citing a long record of privacy-related violations by Facebook to back up his case.

“WhatsApp doesn’t only fail to protect your WhatsApp messages – this app is being consistently used as a Trojan horse to spy on your non-WhatsApp photos and messages. Why would they do it? Facebook has been part of surveillance programs long before it acquired WhatsApp.”

In his stinging attack on the messenger, Durov also recounted a recent discovery of yet another system vulnerability in WhatsApp, which allowed hackers to send a specially crafted MP3 file to Android and iOS users and thereby obtain access to all their data.

“All a hacker had to do was send you a video – and all your data was at the attacker’s mercy,” Durov wrote.

While Facebook alerted WhatsApp users of the vulnerability, the social media giant played down the incident, saying that they lack any evidence that the backdoor was ever actually exploited by hackers. Durov argued, however, that Facebook’s denials are just smoke and mirrors, as “a security vulnerability of this magnitude is bound to have been exploited – just like the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users.”

Since WhatsApp does not store video files on its servers, instead sending most of its media and messages directly to Google and Apple’s servers, Facebook simply washed its hands of the affair, Durov argued.

Durov dismissed the notion that WhatsApp was simply riddled with system errors, and could not help but “accidentally” implement “critical security vulnerabilities across all their apps every few months.”

“I doubt that – Telegram, a similar app in its complexity, hasn’t had any issues of WhatsApp-level severity in the six years since its launch. It’s very unlikely that anyone can accidentally commit major security errors, conveniently suitable for surveillance, on a regular basis.”

Last month, the New York Times reported that officials in the US, UK and Australia penned a letter to Facebook CEO Mark Zuckerberg demanding that the company develop “back doors” in its messengers to provide intelligence agencies access to the communications of some 300 million daily WhatsApp users, as well as 1.5 billion who log into Facebook daily.