Introduction
CBS News published a report stating that Meta, the parent company of WhatsApp, expressed concern over Iran’s attempts to restrict citizens from using the messaging app. The article outlines Iran’s accusation that WhatsApp enables hostile foreign tracking during wartime, to which Meta reaffirmed its end-to-end encryption and user privacy policies. However, a user flagged the article, questioning the credibility of Meta’s encryption claims in light of previous security breaches—especially the 2019 Pegasus spyware incident. Does WhatsApp remain as secure as Meta insists?
Historical Context
End-to-end encryption has long been a cornerstone of WhatsApp’s messaging platform, marketed as a way to keep digital communication private and immune to surveillance. However, encryption does not mean invulnerability. In 2019, revelations that NSO Group’s Pegasus spyware exploited vulnerabilities in WhatsApp raised worldwide alarms, particularly among journalists, activists, and dissidents. During geopolitical conflicts—like the current Iran-Israel tensions—communications apps are often targeted, regulated, or shut down altogether, making discussions about their security and usage increasingly urgent.
Fact-Check Specific Claims
Claim #1: “All of the messages you send to family and friends on WhatsApp are end-to-end encrypted meaning no one except the sender and recipient has access to those messages, not even WhatsApp.”
This claim is mostly accurate, but it’s missing critical context. WhatsApp does implement end-to-end encryption for messages, using the Signal Protocol. This means that in-transit messages are encrypted and neither WhatsApp nor Meta can read the message content. However, end-to-end encryption does not account for vulnerabilities at the device level. In 2019, NSO Group’s Pegasus spyware exploited a zero-day vulnerability in WhatsApp to remotely install spyware on at least 1,400 user devices, allowing third parties to access messages after they were decrypted on the user’s phone. While WhatsApp later patched the bug and sued NSO, the incident exposed that encryption can be undermined by device-level compromises. Therefore, while the encryption claim is technically correct, it is misleading without acknowledging historical security lapses and device vulnerabilities.
Claim #2: “We do not track your precise location, we don’t keep logs of who everyone is messaging, and we do not track the personal messages people are sending one another.”
This statement is generally accurate but could be misinterpreted without added context. According to Meta’s Transparency Reports and WhatsApp’s Privacy Policy, the platform does not store message content or maintain logs of who is messaging whom. WhatsApp does not collect precise real-time GPS location unless shared directly by users. However, the app may collect metadata such as mobile number, usage logs (e.g., last seen), device information, and general location derived from IP addresses. Although not precise tracking, such metadata can still be significant and has raised concern among privacy advocates. WhatsApp’s refusal to collect or store message content distinguishes it from other platforms, but the absence of message logs does not mean users are invisible or untraceable on the platform.
Claim #3: “Last month, Israeli software company NSO Group was ordered to pay WhatsApp $167 million for hacking 1,400 people in 2019.”
This claim is inaccurate. While NSO Group did face legal pressure from WhatsApp, there is no publicly available evidence or legal record indicating that a court awarded $167 million to the company. Meta (then Facebook) filed a lawsuit against NSO Group in 2019 over the Pegasus spyware breach, and in 2023, a U.S. court cleared the way for that lawsuit to proceed by denying NSO’s claims of sovereign immunity. However, no settlement or court-imposed fine of $167 million has been publicly disclosed or confirmed as of June 2025. Therefore, this figure appears to be speculative or incorrect.
Claim #4: “Iran’s state broadcaster accused WhatsApp and Telegram of aiding Israel in identifying and targeting individuals.”
This claim was accurately reported as a summary of statements from Iran’s state media. According to local Iranian news broadcasts and reporting by NetBlocks and human rights organizations, the Iranian regime has intensified its crackdown on foreign messaging applications, often accusing them of collaborating with hostile governments. While there is no independently verifiable evidence that WhatsApp or Telegram has facilitated military targeting by Israel, Iran has a history of blaming foreign tech platforms during periods of unrest or external threats. Therefore, the CBS article accurately relayed Iran’s statements but did not verify their credibility, which is important for readers to understand.
Conclusion
While CBS News responsibly reports the underlying tensions between Meta and Iran, certain claims in the article require proper context or correction. WhatsApp’s description of its encryption practices is accurate but overlooks past vulnerabilities that were exploited by Pegasus spyware. Statements regarding tracking and data retention are broadly in line with policy but could mislead uninformed readers about what metadata is collected. Most notably, the article inaccurately reported a $167 million legal outcome against NSO Group, for which there is no public confirmation. On balance, the article offers valuable insights but would have benefitted from deeper clarification and factual precision, especially around cybersecurity and legal outcomes. There is no overt bias in the reporting, but important information was either generalized or unverified.
Take Action Now
For more accurate and real-time fact checks, Download the DBUNK App to stay protected against misinformation.
Link to Original Article
https://www.cbsnews.com/news/meta-concerned-iran-telling-citizens-stop-using-whatsapp/
