Misinformation WhatsApp has repeatedly imposed limits on message forwarding in response to the spread of misinformation in countries including India and Australia. The measure, first introduced in 2018 to combat spam, was expanded and remained active in 2021. WhatsApp stated that the forwarding limits had helped to curb the spread of
misinformation regarding COVID-19.
Murders in India In India, WhatsApp encouraged people to report messages that were fraudulent or incited violence after
lynch mobs in India murdered innocent people because of malicious WhatsApp messages falsely accusing the victims of intending to abduct children. There were a series of incidents between 2017 and 2020, after which WhatsApp announced changes for Indian users of the platform that labels forwarded messages as such.
2018 elections in Brazil In an investigation on the use of
social media in politics, it was found that WhatsApp was being abused for the spread of
fake news in the
2018 presidential elections in Brazil. It was reported that US$3 million was spent in illegal concealed contributions related to this practice. Researchers and journalists called on WhatsApp's parent company, Facebook, to adopt measures similar to those adopted in India and restrict the spread of hoaxes and fake news. Encryption was first added in May 2012. End-to-end encryption was only fully implemented in April 2016 after a two-year process. , it is known that WhatsApp makes extensive use of outside contractors and artificial intelligence systems to examine certain user messages, images and videos (those that have been flagged by users as possibly abusive); and turns over to law enforcement metadata including critical account and location information. In 2016, WhatsApp was widely praised for the addition of
end-to-end encryption and earned a 6 out of 7 points on the
Electronic Frontier Foundation's "Secure Messaging Scorecard". WhatsApp was criticized by security researchers and the Electronic Frontier Foundation for using backups that are not covered by end-to-end encryption and allow messages to be accessed by third-parties. In 2019, Edward Snowden alarmed: "The problem with applications like WhatsApp is, it was actually designed to have very strong encryption, just the same as the gold standard today which would be the signal messenger or the wire messenger, but then it was bought by Facebook because it was so good, and now Facebook is quite aggressively reducing the security of WhatsApp about once a quarter, and they’re trying to do it as quietly as possible, so a messenger that the people are comfortable using now is actually a danger to you." In May 2019, a security vulnerability in WhatsApp was found and fixed that allowed a remote person to install spyware by making a call which did not need to be answered. In September 2019, WhatsApp was criticized for its implementation of a 'delete for everyone' feature. iOS users can elect to save media to their camera roll automatically. When a user deletes media for everyone, WhatsApp does not delete images saved in the iOS camera roll and so those users are able to keep the images. WhatsApp released a statement saying that "the feature is working properly", and that images stored in the camera roll cannot be deleted due to Apple's security layers. In November 2019, WhatsApp released a new privacy feature that let users decide who can add them to groups. In December 2019, WhatsApp confirmed a security flaw that would allow hackers to use a malicious GIF image file to gain access to the recipient's data. When the recipient opened the gallery within WhatsApp, even if not sending the malicious image, the hack is triggered and the device and its contents become vulnerable. The flaw was patched and users were encouraged to update WhatsApp. On December 17, 2019, WhatsApp fixed a security flaw that allowed cyber attackers to repeatedly crash the messaging application for all members of group chat, which could only be fixed by forcing the complete uninstall and reinstall of the app. The bug was discovered by
Check Point in August 2019 and reported to WhatsApp. It was fixed in version 2.19.246 onwards. For security purposes, since February 1, 2020, WhatsApp has been made unavailable on smartphones using legacy operating systems like Android 2.3.7 or older and iPhone iOS 8 or older that are no longer updated by their providers. In April 2020, the
NSO Group held its governmental clients accountable for the allegation of
human rights abuses by WhatsApp. In its revelation via documents received from court, the group claimed that the lawsuit brought against the company by WhatsApp threatened to infringe on its clients' "national security and foreign policy concerns". However, the company did not reveal names of the end users, which according to a research by
Citizen Lab include, Saudi Arabia, Bahrain, Kazakhstan, Morocco, Mexico and the United Arab Emirates. On December 16, 2020, a claim that WhatsApp gave Google access to private messages was included in the anti-trust case against the latter. As the complaint was heavily redacted due to being an ongoing case, it did not disclose whether this was alleged tampering with the app's end-to-end encryption, or Google accessing user backups. In January 2021, WhatsApp announced an updated
privacy policy which stated that WhatsApp would share user data with Facebook and its "family of companies" beginning February 2021. Previously, users could opt-out of such data sharing, but the new policy removed this option. The new privacy policy would not apply within the EU, as it is illegal under the
GDPR. Facebook and WhatsApp were widely criticized for this move. The enforcement of the privacy policy was postponed from February 8 to May 15, 2021, WhatsApp announced they had no plans to limit the functionality of the app for those who did not approve the new terms. On November 29, 2021, an FBI document was uncovered by
Rolling Stone, revealing that WhatsApp responds to warrants and subpoenas from law enforcement within minutes, providing user metadata to the authorities. The metadata includes the user's contact information and address book. In January 2022, an unsealed surveillance application revealed that WhatsApp started tracking seven users from China and Macau in November 2021, based on a request from US
DEA investigators. The app collected data on who the users contacted and how often, and when and how they were using the app. This is reportedly not an isolated occurrence, as federal agencies can use the
Electronic Communications Privacy Act to covertly track users without submitting any probable cause or linking a user's number to their identity. At the beginning of 2022, it was revealed that San Diego–based startup Boldend had developed tools to hack WhatsApp's encryption, gaining access to user data, at some point since the startup's inception in 2017. The vulnerability was reportedly patched in January 2021. Boldend is financed, in part, by
Peter Thiel, a notable investor in Facebook. In September 2022, a critical security issue in WhatsApp's Android video call feature was reported. An integer overflow bug allowed a malicious user to take full control of the victim's application once a video call between two WhatsApp users was established. The issue was patched on the day it was officially reported. In 2025, WhatsApp alerted 90 journalists and other members of civil society that they had been targeted by spyware used by the Israeli technology company
Paragon Solutions. In April 2025, a group of Austrian researchers were able to extract 3.5 billion users' phone numbers by being able to make a hundred million contact discovery requests an hour, a flaw that exposed previous warnings from researchers in 2017 were not addressed. The researchers notified Meta (who updated the enumeration problem in October), and deleted their copy of the phone numbers. The
information commissioner has said that the use of WhatsApp posed risks to transparency since members of Parliament, government ministers, and officials who wished to avoid scrutiny might use WhatsApp despite there being official channels. Transparency campaigners have challenged the practice in court. Notably, during the
COVID-19 pandemic, the UK government routinely used WhatsApp to make decisions on managing the crisis, including on personal rather than government-issued devices. When the
official inquiry into the pandemic began seeking evidence in May 2023, this presented
issues for its ability to gather the material it sought. A personal device of the former Prime Minister,
Boris Johnson, had been compromised by a security breach, and it was claimed that it could not be switched on to recover messages. Further, the
Cabinet Office had claimed that since many messages were not relevant to the inquiry, it only needed to hand over material it had selected as being relevant. The
High Court, in a
judicial review sought by the Cabinet Office, declared that all documents sought by the inquiry were to be handed over unredacted. In 2018, it was reported that around 500,000
National Health Service (NHS) staff used WhatsApp and other instant messaging systems at work and around 29,000 had faced disciplinary action for doing so. Higher usage was reported by frontline clinical staff to keep up with care needs, even though NHS trust policies do not permit their use.
Mods and fake versions In March 2019, WhatsApp released a guide for users who had installed unofficial modified versions of WhatsApp and warned that it may ban those using unofficial clients.
WhatsApp snooping scandal In May 2019, WhatsApp was attacked by hackers who installed
spyware on a number of victims' smartphones. The hack, allegedly developed by Israeli surveillance technology firm
NSO Group, injected
malware onto WhatsApp users' phones via a
remote-exploit bug in the app's
Voice over IP calling functions. A
Wired report noted the attack was able to inject malware via calls to the targeted phone, even if the user did not answer the call. In October 2019, WhatsApp filed a lawsuit against NSO Group in a San Francisco court, claiming that the alleged cyberattack violated US laws including the
Computer Fraud and Abuse Act (CFAA). According to WhatsApp, the exploit "targeted at least 100 human-rights defenders, journalists and other members of civil society" among a total of 1,400 users in 20 countries.
Jeff Bezos phone hack In January 2020, a digital forensic analysis revealed that the Amazon founder
Jeff Bezos received an encrypted message on WhatsApp from the official account of
Saudi Arabia's Crown Prince
Mohammed bin Salman. The message reportedly contained a malicious file, the receipt of which resulted in Bezos' phone being hacked. The United Nations' special rapporteur
David Kaye and
Agnes Callamard later confirmed that Jeff Bezos' phone was hacked through WhatsApp, as he was one of the targets of Saudi's hit list of individuals close to
The Washington Post journalist
Jamal Khashoggi.
FBI In 2021, an FBI document obtained through a
Freedom of Information request by
Property of the People, Inc., a
501(c)(3) nonprofit organization, revealed that WhatsApp and
iMessage are vulnerable to law-enforcement
real-time searches. It was later determined that staff of their
Meta investigative team had been duped by false information;
The Wire fired the staff member involved and issued a formal apology to its readers.
Terrorism In December 2015, it was reported that terrorist organization
ISIS had been using WhatsApp to plot the
November 2015 Paris attacks. According to
The Independent, ISIS also uses WhatsApp to traffic sex slaves. In March 2017, British Home Secretary
Amber Rudd said encryption capabilities of messaging tools like WhatsApp are unacceptable, as news reported that Khalid Masood used the application several minutes before perpetrating the
2017 Westminster attack. Rudd publicly called for police and intelligence agencies to be given access to WhatsApp and other encrypted messaging services to prevent future terror attacks. In April 2017, the perpetrator of the
Stockholm truck attack reportedly used WhatsApp to exchange messages with an ISIS supporter shortly before and after the incident. The messages involved discussing how to make an explosive device and a confession to the attack. In April 2017, nearly 300 WhatsApp groups with about 250 members each were reportedly being used to mobilize stone-pelters in
Jammu and Kashmir to disrupt security forces' operations at encounter sites. According to police, 90% of these groups were closed down after police contacted their admins. Further, after a six-month probe which involved the infiltration of 79 WhatsApp groups, the
National Investigation Agency reported that out of about 6386 members and admins of these groups, about 1000 were residents of
Pakistan and gulf nations. Further, for their help in negating anti-terror operations, the Indian stone pelters were getting funded through barter trade from Pakistan and other indirect means. In May 2022, the FBI stated that an ISIS sympathizer, who was plotting to assassinate
George W. Bush, was arrested based on his WhatsApp data. According to the arrest warrant for the suspect, his WhatsApp account was placed under surveillance.
Scams and malware There are numerous ongoing scams on WhatsApp that let hackers spread viruses or malware. In May 2016, some WhatsApp users were reported to have been tricked into downloading a third-party application called
WhatsApp Gold, which was part of a
scam that infected the users' phones with
malware. A message that promises to allow access to their WhatsApp friends' conversations, or their contact lists, has become the most popular hit against anyone who uses the application in Brazil. Clicking on the message actually sends paid text messages. Since December 2016, more than 1.5 million people have clicked and lost money. Another application called
GB WhatsApp is considered malicious by
cybersecurity firm
Symantec because it usually performs some unauthorized operations on end-user devices.
Bans China WhatsApp is owned by
Meta, whose main social media service Facebook has been blocked in China since 2009. In September 2017, security researchers reported to
The New York Times that the WhatsApp service had been completely blocked in China. On April 19, 2024, Apple removed WhatsApp from the App Store in China, citing government orders that stemmed from national security concerns.
Iran On May 9, 2014, the government of
Iran announced that it had proposed to block the access to WhatsApp service to Iranian residents. "The reason for this is the assumption of WhatsApp by the Facebook founder Mark Zuckerberg, who is an American Zionist", said Abdolsamad Khorramabadi, head of the country's Committee on Internet Crimes. Subsequently, Iranian president
Hassan Rouhani issued an order to the Ministry of ICT to stop filtering WhatsApp. It was once again blocked on September 2022 but unblocked on December 2024.
Turkey Turkey temporarily banned WhatsApp in 2016, following the
assassination of the Russian ambassador to Turkey.
Brazil On March 1, 2016, Diego Dzodan, Facebook's vice-president for Latin America was arrested in Brazil for not cooperating with an investigation in which WhatsApp conversations were requested. On March 2, 2016, at dawn the next day, Dzodan was released because the Court of Appeal held that the arrest was disproportionate and unreasonable. On May 2, 2016, mobile providers in Brazil were ordered to block WhatsApp for 72 hours for the service's second failure to cooperate with criminal court orders. Once again, the block was lifted following an appeal, after less than 24 hours. Brazil's Central Bank issued an order to
payment card companies
Visa and
Mastercard on June 23, 2020, to stop working with WhatsApp on its new electronic payment system. A statement from the Bank asserted the decision to block the Facebook-owned company's latest offering was taken to "preserve an adequate competitive environment" in the mobile payments space and to ensure "functioning of a payment system that's interchangeable, fast, secure, transparent, open and cheap."
Uganda The government of
Uganda banned WhatsApp and Facebook, along with other social media platforms, to enforce a tax on the use of social media. Users are to be charged
USh.200/= per day to access these services according to the new law set by parliament.
United Arab Emirates (UAE) The
United Arab Emirates banned WhatsApp video chat and VoIP call applications in as early as 2013 due to what is often reported as an effort to protect the commercial interests of their home grown nationally owned telecom providers (
du and
Etisalat).
Cuba In July 2021, the Cuban government blocked access to several social media platforms, including WhatsApp, to curb the spread of information during the
anti-government protests.
Switzerland In December 2021, the Swiss army banned the use of WhatsApp and several other non-Swiss encrypted messaging services by army personnel. The ban was prompted by concerns of US authorities potentially accessing user data for such apps because of the
CLOUD Act. The army recommended that all army personnel use
Threema instead, as the service is based in Switzerland.
Zambia In August 2021, the digital rights organization
Access Now reported that WhatsApp along with several other social media apps was being blocked in
Zambia for the duration of the
general election. The organization reported a massive drop-off in traffic for the blocked services, though the country's government made no official statements about the block.
Saudi Arabia The
Saudi Central Bank (SAMA) has prohibited local banks from using instant messaging applications like WhatsApp for customer communication. This decision aims to enhance data security and protect customer information.
Russia In Russia, authorities increased pressure on WhatsApp in late 2025. On 28 November 2025, officials warned of a potential full ban on the service. On 11 February 2026, the Russian government fully blocked WhatsApp, which had at least 100 million users in the country until recently, citing its alleged failure to comply with domestic regulations concerning extremist content and state oversight requirements. As per the
BBC report, the decision had been made "due to
Meta's unwillingness to comply with the norms and the letter of Russian law". Meta could resume operations, if it complies with the law and enters into dialogue.
Third-party clients In mid-2013, WhatsApp Inc. filed for the
DMCA takedown of the discussion thread on the
XDA Developers forums about the then popular third-party
client "WhatsApp Plus". In 2015, some third-party WhatsApp clients that were
reverse-engineering the WhatsApp mobile app, received a
cease and desist to stop activities that were violating WhatsApp legal terms. As a result, users of third-party WhatsApp clients were also banned. == WhatsApp Business ==