E2E encryption hides the message content. It doesn’t hide who you talk to, when, how often, or from which location. Meta owns WhatsApp. That metadata goes somewhere.
Meta owns WhatsApp. They can’t read your messages — the end-to-end encryption is real — but they don’t need to. Who you talk to, when, how often, from where, and for how long: that’s all metadata, and Meta collects every bit of it. The message content is encrypted. The pattern of your life is not.
DO / DON’T
DO:
- Set up privacy and security settings and help family do the same
- Remember privacy concerns when using your real name and birthdate for registration
- Change your password periodically and enable Two-Factor Authentication
DON’T:
- Send anything compromising — even over encrypted platforms. Encryption protects the wire. It doesn’t protect the device at either end.
- Connect with people you don’t know
- Register or log in using third-party sites (e.g., Google login) — these aggregate and combine your data
Your Profile
Path: Tap your name to access Profile
- Review and update: Name, Photo, and About information
- Your profile shows the phone number registered to your account — this is shared with your contacts
- QR Code: Only share your QR code with people you know and trust — it can be used to add you as a contact
Privacy Settings
Path: Settings > Account > Privacy
| Setting | Recommended Value |
|---|---|
| Status | My Contacts |
| Profile Photo | My Contacts |
| About | My Contacts |
| Last Seen | My Contacts |
| Live Location | OFF |
| Screen Lock | ON |
Screen Lock requires Face ID to open WhatsApp — you can still reply from notifications and answer calls, so it doesn’t break functionality.
Security & Two-Step Verification
Path: Settings > Account > Security
- Enable Show Security Notifications — get notified when your security code changes for a contact (e.g., when they reinstall WhatsApp or switch phones). A changed security code can indicate account hijacking.
Path: Settings > Account > Two-Step Verification
- Enable Two-Step Verification — strongly recommended for any account used for regular communication
E2E encryption protects message content. Metadata — who you talk to, when, how often — is still collected by Meta. Enable Screen Lock and Two-Step Verification; those are the two settings that actually protect your account if your phone gets into the wrong hands.