WhatsApp is the world's most popular messaging app, used by over 2 billion people in 180+ countries. It handles text, voice, video calls, and file sharing. Messages use the Signal Protocol for end-to-end encryption, so only you and the person you're talking to can read them.

The app is free for personal use. Meta makes money through WhatsApp Business, charging companies per message for marketing, support, and authentication. You won't see ads inside WhatsApp itself, but the metadata WhatsApp collects feeds into Meta's ad-targeting systems across Facebook and Instagram.

Message content stays encrypted. But WhatsApp collects a lot of metadata: who you talk to, when, how often, your phone number, device info, IP address, and your entire contact list. This metadata gets shared across Meta's family of companies. Ireland's data protection authority fined WhatsApp a combined EUR 230.5 million for GDPR violations between 2021 and 2023.

Worth knowing

In 2025, Meta added its AI assistant directly into WhatsApp. Users in Europe had no way to turn it off or remove it. That triggered fresh scrutiny from EU regulators. WhatsApp also requires your phone number to sign up, so anonymous use is not possible. Your contacts get uploaded to Meta's servers during registration.

Security researchers found a zero-click exploit (CVE-2025-55177) that allowed spyware installation on iPhones without any user interaction. A separate vulnerability exposed profile data for billions of accounts. WhatsApp patches these issues, but the pattern of recurring vulnerabilities is worth considering if you handle sensitive conversations.