Date: 2025-06-27

In mid-June, as Israel and Iran traded missiles and drones during the so-called 12-day war, Iran’s state television called on citizens to delete WhatsApp from their smartphones. Officials claimed the messaging app was leaking user data to Israel and posing a threat to national security.

The warning followed an Israeli takedown of Iran’s senior military command in a barrage of military strikes, which was so precise that it raised immediate questions about Tehran’s vulnerability to espionage.

Whether WhatsApp was directly involved remains unclear. But the episode put a glaring spotlight on the question of how much consumers can trust messaging platforms to keep their data private.

And more pressingly, how much access do domestic and foreign state actors really have to the digital conversations people assume are encrypted and secure?

Messaging applications like WhatsApp, Signal, Telegram, and Apple’s iMessage have become ubiquitous for private communications.

In recent years, these services have widely adopted end-to-end encryption, meaning that only the communicating users, and not even the service providers, can decrypt the messages.

This widespread encryption presents a significant challenge for national security and intelligence agencies, which historically relied on intercepting communications.

However, even with end-to-end encryption shielding message content, national security agencies have developed an array of technical strategies to monitor suspects on messaging platforms.

These range from capturing unencrypted data where available, collecting metadata, and exploiting software vulnerabilities, to co-opting the service providers themselves through legal or covert means.

Company cooperation with governments varies and is often opaque, which raises critical questions about trust, transparency, and systemic vulnerabilities.

While some messaging apps promote strong end-to-end encryption, trust in their security should be measured.

Intelligence agencies, both domestic and foreign, have a long record of accessing data once thought secure.

The technological edge these agencies maintain, combined with significant information asymmetry, means the public is often unaware of what is even possible.

In this context, absolute confidence in digital privacy is, at best, misplaced.

Metadata collection



Metadata is often the first resource intelligence agencies exploit. Even with encrypted messaging, metadata remains exposed.

It includes details such as who communicated, when, for how long, and the size of messages. This seemingly peripheral information can be highly valuable for surveillance, enabling patterns, relationships, and behaviours to be inferred without accessing the actual message content.

Metadata alone can be highly revelatory.

Former NSA and CIA chief Michael Hayden once said, “We kill people based on metadata”, which highlights how communication patterns, without any actual message text, are used to locate and target individuals.


In the context of messaging apps, metadata includes phone number, device information, when the user signed up, logs of whom a user contacts and when, IP addresses and location stamps.

WhatsApp, for instance, can provide basic subscriber information and usage logs under subpoena, and with a court order can even reveal a target’s WhatsApp contacts and which users have the target in their contacts.

Moreover, the company can be compelled to deliver near-real-time metadata and report who a user is messaging and when, updated every 15 minutes.

Some other companies – such as Signal – claim they keep the metadata they collect to a minimum for this very reason.

In the first subpoena Signal received, it could only supply the date and time a user registered and the last time they used the service. They say they do not store contact lists, message timestamps, or any identifiers beyond a phone number, making metadata collection very limited by design.

On a broader scale, intelligence agencies may also perform network-level traffic analysis.



For example, the NSA’s SIGINT units tap into Internet backbones and record bulk traffic. Even if the WhatsApp messages they collect are encrypted, they can still see the encrypted packets going from one IP to another.

Over time, correlating these packets’ size, timing, and frequency along with known user IP addresses or identities can yield a metadata picture of who is talking to whom.

Techniques like timing analysis can sometimes identify communication pairs. Snowden’s leaks revealed programmes like MYSTIC, which recorded all phone call metadata and even content in some countries for analysis.

Thus, even without breaking encryption, agencies mine the signals around the encrypted content.
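To make the point about packet size, timing, and frequency concrete, here is an added example (not from the original article) that pairs up clients of a relay server using nothing but constructed flow records; the addresses, the 0.5-second delay window, and the 64-byte size overhead are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed flow records as a network observer would see them:
# (time_s, client_ip, direction, size_bytes). "up" = client -> messaging
# server, "down" = server -> client. All payloads are encrypted and unread.
OBSERVED = [
    (10.00, "10.0.0.1", "up", 312),  (10.18, "10.0.0.7", "down", 340),
    (11.40, "10.0.0.3", "up", 1290), (11.55, "10.0.0.9", "down", 1318),
    (12.10, "10.0.0.7", "up", 150),  (12.31, "10.0.0.1", "down", 178),
    (15.00, "10.0.0.1", "up", 801),  (15.10, "10.0.0.5", "down", 2000),
    (15.20, "10.0.0.7", "down", 829),
    (20.00, "10.0.0.3", "up", 95),   (20.05, "10.0.0.1", "up", 410),
    (20.12, "10.0.0.9", "down", 123), (20.30, "10.0.0.7", "down", 438),
    (30.00, "10.0.0.9", "up", 640),  (30.22, "10.0.0.3", "down", 668),
    (31.00, "10.0.0.5", "up", 500),  (31.10, "10.0.0.9", "down", 528),
]

WINDOW_S = 0.5     # assumed maximum relay delay through the server
MAX_OVERHEAD = 64  # assumed maximum size growth added in transit


def correlate(observed, window=WINDOW_S, overhead=MAX_OVERHEAD):
    """Count how often an upload from one client is followed, within the
    window, by a similar-sized download to a different client."""
    ups = [o for o in observed if o[2] == "up"]
    downs = [o for o in observed if o[2] == "down"]
    hits = Counter()
    for t_up, src, _, size_up in ups:
        for t_dn, dst, _, size_dn in downs:
            if dst == src:
                continue
            in_time = 0 < t_dn - t_up <= window
            in_size = 0 <= size_dn - size_up <= overhead
            if in_time and in_size:
                # Undirected pair: replies count toward the same relationship.
                hits[tuple(sorted((src, dst)))] += 1
    return hits


def likely_pairs(observed, min_hits=3):
    """Pairs whose coincidences repeat often enough to stand out from noise."""
    return [(p, n) for p, n in correlate(observed).most_common() if n >= min_hits]


if __name__ == "__main__":
    for pair, n in likely_pairs(OBSERVED):
        print(pair, n)
```

A single coincidence (the one-off match between 10.0.0.5 and 10.0.0.9) stays below the threshold; it is the repetition over time that turns encrypted traffic into a contact graph.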

Hacking the device



When communications are encrypted in transit and on providers’ servers, the easiest interception point is often the sender’s or receiver’s device before encryption or after decryption.

Intelligence agencies have invested heavily in cyber capabilities to compromise smartphones and computers, allowing them to read messages directly from a device screen or memory.

This tactic was explicitly acknowledged in the CIA’s leaked Vault 7 files, which detailed a range of malware and exploits for iOS and Android devices.

Those documents confirmed that intelligence agencies can take almost complete remote control of a user’s phone and turn it into a listening device.

Once an agency achieves root or admin access on a phone, it can bypass or directly capture any ‘secure’ app’s content, since the app must decrypt messages for the user.