Iranian state media urged citizens to delete the app and alleged it was sending user data to Israel. AFP
Iranian state media urged citizens to delete the app and alleged it was sending user data to Israel. AFP
Iranian state media urged citizens to delete the app and alleged it was sending user data to Israel. AFP
Iranian state media urged citizens to delete the app and alleged it was sending user data to Israel. AFP

WhatsApp security questioned as Israel remains the only known actor to hack it


Dana Alomar
  • English
  • Arabic

WhatsApp is facing renewed scrutiny after Iranian state media urged citizens to delete the app and alleged it was sending user data to Israel.

The messaging platform, owned by US tech giant Meta, denied the claim and said it was “concerned these false reports will be an excuse for our services to be blocked at a time when people need them the most”.

“We do not track your precise location, we don’t keep logs of who everyone is messaging and we do not track the personal messages people are sending one another,” a statement said. “We do not provide bulk information to any government.”

The timing of the accusation has sparked fresh debate around WhatsApp’s security, particularly given that Israel is the only country known to have successfully hacked the platform.

Strong encryption?

“WhatsApp uses strong end-to-end encryption, which means only the sender and receiver can read the messages,” said Mohammad Ismail, vice president for EMEA at Cequence Security, a company that offers application programming interfaces security management. "Even WhatsApp itself can’t see what’s being shared."

In practice, this kind of encryption is considered very secure and is trusted by security professionals around the world, he said.

"However, the biggest risks usually does not come from the encryption, but from things like someone getting access to your phone or tricking you into revealing your login,” he told The National.

Pegasus breach

In 2019, the messaging platform filed a lawsuit against Israeli spyware company NSO Group, claiming the firm’s Pegasus software had exploited a vulnerability in the app to target more than 1,400 users.

Victims included journalists, human rights defenders and activists across several countries.

The attack did not compromise WhatsApp’s end-to-end encryption. Instead it utilised a “zero-click” exploit, a method that enables spyware to be installed simply by sending a specially crafted message or call, which triggers the hack without the user needing to click or even see it.

Once Pegasus is installed, it can bypass encryption entirely by accessing messages directly, recording calls and even activating the phone’s camera and microphone without the user’s knowledge, according to the Organised Crime and Corruption Reporting Project.

The NSO Group says it licenses Pegasus exclusively to vetted government clients for use in counterterrorism and criminal investigations, and all foreign sales are subject to approval by the Israeli Defence Ministry.

Encryption v device-level threats

While WhatsApp’s encryption remains intact in such cases, security experts warn encryption alone is not enough to protect against sophisticated surveillance tools.

Experts say directly breaching WhatsApp encryption is extremely unlikely. “It would take huge computing power and advanced knowledge, which even most government agencies don’t have,” Mr Ismail said. “Instead, hackers usually go after easier targets, like hacking into your phone, sending fake links, or using spyware.”

Technical flaws and metadata risks

Subho Halder, chief executive and co-founder of Appknox, a security platform, noted that WhatsApp’s encryption protocol, the Signal Protocol, is considered the gold standard in secure messaging.

“WhatsApp’s end-to-end encryption remains mathematically unbreakable with today’s technology,” Mr Halder told The National.

However, a recent scan of WhatsApp’s latest Android build (v2.25.9.78) by Appknox uncovered several critical and high-severity implementation flaws, including insecure network configurations, hardcoded secrets and potential file access vulnerabilities.

“These don’t break encryption directly, but they expose sensitive data through poor engineering practices,” he added. “The real risk often lies not in the cryptography, but in how securely it’s implemented.”

He added that other vectors remain concerning. “WhatsApp does not encrypt metadata, like who messaged whom, when and for how long, which can still be revealing even without access to the message content,” Mr Halder said.

He noted that cloud backups, while now optionally encrypted, have previously posed security risks.

Regional distrust

The renewed concern over WhatsApp’s vulnerability comes amid broader distrust in Meta in the Middle East.

Last year, the firm updated its hate speech guidelines to restrict posts referencing Zionists, saying the term was frequently used in way to dehumanise Jews and Israelis.

However, researchers and rights groups argue this change has led to the suppression of political speech, especially from pro-Palestinian voices.

Meta has been accused of “shadow-banning” Arabic or Palestine-related content, and Human Rights Watch documented more than 1,000 instances of post removals or demotions on Facebook and Instagram in October and November last year.

Wider context in Iran

Iran’s call to delete WhatsApp is not unprecedented. The app was blocked during nationwide protests in 2022 following the death of Mahsa Amini in police custody.

Although the ban was lifted late last year, the government maintains tight control over digital communication and platforms like WhatsApp are widely used via virtual private networks (VPNs).

WhatsApp is one of Iran’s most popular messaging apps, along with Instagram and Telegram.

Benefits of first-time home buyers' scheme
  • Priority access to new homes from participating developers
  • Discounts on sales price of off-plan units
  • Flexible payment plans from developers
  • Mortgages with better interest rates, faster approval times and reduced fees
  • DLD registration fee can be paid through banks or credit cards at zero interest rates
Labour dispute

The insured employee may still file an ILOE claim even if a labour dispute is ongoing post termination, but the insurer may suspend or reject payment, until the courts resolve the dispute, especially if the reason for termination is contested. The outcome of the labour court proceedings can directly affect eligibility.


- Abdullah Ishnaneh, Partner, BSA Law 

The specs: 2018 Chevrolet Trailblazer

Price, base / as tested Dh99,000 / Dh132,000

Engine 3.6L V6

Transmission: Six-speed automatic

Power 275hp @ 6,000rpm

Torque 350Nm @ 3,700rpm

Fuel economy combined 12.2L / 100km

COMPANY PROFILE
Name: HyperSpace
 
Started: 2020
 
Founders: Alexander Heller, Rama Allen and Desi Gonzalez
 
Based: Dubai, UAE
 
Sector: Entertainment 
 
Number of staff: 210 
 
Investment raised: $75 million from investors including Galaxy Interactive, Riyadh Season, Sega Ventures and Apis Venture Partners
Dust and sand storms compared

Sand storm

  • Particle size: Larger, heavier sand grains
  • Visibility: Often dramatic with thick "walls" of sand
  • Duration: Short-lived, typically localised
  • Travel distance: Limited 
  • Source: Open desert areas with strong winds

Dust storm

  • Particle size: Much finer, lightweight particles
  • Visibility: Hazy skies but less intense
  • Duration: Can linger for days
  • Travel distance: Long-range, up to thousands of kilometres
  • Source: Can be carried from distant regions
UAE currency: the story behind the money in your pockets
The specs

Engine: Four electric motors, one at each wheel

Power: 579hp

Torque: 859Nm

Transmission: Single-speed automatic

Price: From Dh825,900

On sale: Now

Key facilities
  • Olympic-size swimming pool with a split bulkhead for multi-use configurations, including water polo and 50m/25m training lanes
  • Premier League-standard football pitch
  • 400m Olympic running track
  • NBA-spec basketball court with auditorium
  • 600-seat auditorium
  • Spaces for historical and cultural exploration
  • An elevated football field that doubles as a helipad
  • Specialist robotics and science laboratories
  • AR and VR-enabled learning centres
  • Disruption Lab and Research Centre for developing entrepreneurial skills
Company info

Company name: Entrupy 

Co-founders: Vidyuth Srinivasan, co-founder/chief executive, Ashlesh Sharma, co-founder/chief technology officer, Lakshmi Subramanian, co-founder/chief scientist

Based: New York, New York

Sector/About: Entrupy is a hardware-enabled SaaS company whose mission is to protect businesses, borders and consumers from transactions involving counterfeit goods.  

Initial investment/Investors: Entrupy secured a $2.6m Series A funding round in 2017. The round was led by Tokyo-based Digital Garage and Daiwa Securities Group's jointly established venture arm, DG Lab Fund I Investment Limited Partnership, along with Zach Coelius. 

Total customers: Entrupy’s customers include hundreds of secondary resellers, marketplaces and other retail organisations around the world. They are also testing with shipping companies as well as customs agencies to stop fake items from reaching the market in the first place. 

Specs
Engine: Electric motor generating 54.2kWh (Cooper SE and Aceman SE), 64.6kW (Countryman All4 SE)
Power: 218hp (Cooper and Aceman), 313hp (Countryman)
Torque: 330Nm (Cooper and Aceman), 494Nm (Countryman)
On sale: Now
Price: From Dh158,000 (Cooper), Dh168,000 (Aceman), Dh190,000 (Countryman)
How to watch Ireland v Pakistan in UAE

When: The one-off Test starts on Friday, May 11
What time: Each day’s play is scheduled to start at 2pm UAE time.
TV: The match will be broadcast on OSN Sports Cricket HD. Subscribers to the channel can also stream the action live on OSN Play.

Updated: June 19, 2025, 12:48 PM`