WhatsApp is arguably one of the most secure messaging apps, second only to Signal, that offers end-to-end encryption by default. It means that no one, not even Meta can read your private messages, except for the sender and receiver. With over 3 billion users, WhatsApp’s security and privacy guarantees largely stem from the strong implementation of end-to-end (E2E) encryption.
However, Meta is developing “Private Processing” to enable AI features on WhatsApp, which could undermine its widely trusted E2E encryption. Until now, WhatsApp has largely remained secure, and Meta has even taken spyware companies like NSO to court to protect user privacy. But this time, Meta seems to be diluting WhatsApp’s integrity through its own actions, only to bring AI features to WhatsApp.
Meta is Building Private Processing for WhatsApp AI Features
Meta has shared an early look at Private Processing, a new technology designed to bring AI features to WhatsApp while claiming to maintain core privacy. It will allow people to use AI features on WhatsApp like summarizing unread messages or generating writing suggestions. However, in order to process such AI requests, the message content will be sent to Meta’s cloud servers, which raises concerns about WhatsApp’s end-to-end encryption.
To address privacy concerns, Meta says the communication between the user’s device and the Private Processing infrastructure is also end-to-end encrypted. In addition, Meta claims that no one including Meta itself and WhatsApp can decrypt these messages, as they are protected using an “ephemeral key”. This key is only known to the user’s device and the selected TEE (Trusted Execution Environment) on the cloud server.
That said, by introducing Private Processing on WhatsApp, Meta is effectively creating a third layer of access — beyond the sender and receiver — into the messaging chain. In a way, this breaks the traditional end-to-end encryption model of WhatsApp, allowing another intermediary to access personal messages, on request.
Meta says the Trusted Execution Environment (TEE) is built on top of “confidential computing infrastructure” to uphold user privacy and security. Now, let’s understand how TEE is designed for WhatsApp Private Processing and whether it inspires confidence.
How TEE is Designed For WhatsApp Private Processing
The Trusted Execution Environment (TEE) on Meta’s cloud servers is designed to process WhatsApp AI requests privately. It’s a highly private environment where the system is completely isolated from all parties. Its communication with the user’s device is end-to-end encrypted, and no one including Meta, WhatsApp, or any third-party actor can access the data — not in transit or at rest.
Next, Meta has disabled remote access to TEEs, allowing further isolation. In addition, the server hardware uses CPU technologies like “confidential virtualization” and secure GPU modes to prevent attacks on the hardware. Following that, TEEs don’t save messages after processing them. Basically, it’s a “stateless” system where all messages are discarded after data processing. It also means that your messages won’t be used for training AI models by Meta.
Furthermore, Meta says Private Processing uses anonymous credentials to authenticate users, but can’t identify them. In fact, it doesn’t pass identifiable information to the system to minimize data leaks. Finally, there are verification systems in place to perform hardware-based attestations and only load a trusted list of software.
And to improve transparency, Meta plans to publish the system code so that researchers can verify and audit the code. Not only that, but Meta is expanding its bug bounty program for independent security testing.
WhatsApp’s Private Processing sounds pretty similar to Apple’s Private Cloud Compute. Apple has also developed its own cloud infrastructure to privately process Apple Intelligence features. While Apple has built a strong reputation for protecting user privacy at all costs, the same can’t be said for Meta, given its past track record.
Enable Advanced Chat Privacy to Turn off AI Features in WhatsApp
If you are skeptical of Meta’s Private Processing promise for AI features, you can enable “Advanced Chat Privacy” in WhatsApp. This option allows you to “block others from exporting chats, auto-downloading media to their phone, and using messages for AI features.“
You can enable Advanced Chat Privacy for individual chats and group chats as well. Basically, other users won’t be able to use your chats for AI features.
While tech companies are racing to integrate AI features into every product, I think messaging apps should remain isolated from cloud-based AI processing. In security, data minimization is one of the fundamental principles, and WhatsApp has followed this core principle for many years, especially by implementing end-to-end encryption. Meta should be cautious in adopting Private Processing in WhatsApp, which adds some AI features but also introduces a new attack vector.
