For most Malaysians, WhatsApp is not just an app. It is where you talk to family, run a side business, coordinate with colleagues, and sometimes even reach a government counter. So a lawsuit in the United States questioning whether those chats are as private as Meta says they are deserves a closer look at home.
On 21 May 2026, Texas Attorney General Ken Paxton filed a lawsuit against WhatsApp and its parent company Meta, accusing them of misleading users about end-to-end encryption. According to The Texas Tribune, the suit claims WhatsApp tells users that not even the company can read their messages, while Meta allegedly runs an internal "task" system that lets some employees and contractors request access to message content. The case was filed under the Texas Deceptive Trade Practices Act and asks for an injunction plus penalties of up to USD10,000 for each violation.
Meta rejects the claim. A company spokesperson said WhatsApp cannot access people's encrypted communications and that any suggestion otherwise is false, adding that it would fight the suit. These allegations are unproven, and Ars Technica notes that a separate US Commerce Department inquiry into the same question was closed earlier this year. For now this is a dispute headed to court, not a finding of fact.
Editor
Kai T chevron_right
Table of Contents
Why this lands harder in Malaysia than in Texas
Here is the uncomfortable part for local readers: few countries lean on WhatsApp as heavily as Malaysia does. Industry estimates put the app's reach at roughly 84 percent of the country's internet users, and about half of registered Malaysian SMEs use WhatsApp Business to take orders and talk to customers, the highest rate in Southeast Asia. Family chats, school groups, supplier negotiations, and some agency communications all run through one platform. If there is ever genuine doubt about how private those messages are, the exposure here is far larger than in a single US state.
None of this means your chats have been read. It means the gap between marketing language and what a platform can technically do is now a live question, and Malaysians have more riding on the answer than almost anyone. Our own Personal Data Protection Act governs how companies handle personal data, but enforcement around foreign messaging platforms is light, and most users have never opened a privacy policy in either English or Bahasa Malaysia.
What encryption actually hides, and what it does not
It helps to be clear about what end-to-end encryption was ever meant to protect. When it works as described, it scrambles the content of your messages, calls, and media so that only you and the person you are talking to can see them. What it does not hide is the metadata around those messages: who you contact, how often, when, and your contact list. That information alone can reveal a great deal, and it sits outside the encryption argument entirely.
So what should a Malaysian user do? Probably not panic, and certainly not abandon a tool the whole country runs on. The sensible response is the one that was always true: treat any "private" chat as something that could, in some scenario, be seen by someone else. For genuinely sensitive conversations, privacy-first apps such as Signal remain an option, and turning on disappearing messages plus reviewing your backup settings reduces how much sits around to be exposed later.
The Texas case will take months, possibly years, to resolve. The useful takeaway for Malaysians is simpler and available today: the most popular app in the country is only as private as its weakest promise, so it pays to know the difference between what is genuinely encrypted and what is merely assumed.