SAN FRANCISCO — A cybersecurity company said it had discovered a flaw in WhatsApp, the Facebook-owned messaging service with 1.5 billion users, that allows scammers to alter the content or change the identity of the sender of a previously delivered message.

By creating a hacked version of the WhatsApp application, scammers can change a “quote” — a feature that allows people within a chat to display a past message and reply to it — to give the impression that someone sent a message they did not actually send, according to the company, Check Point Software Technologies.

WhatsApp acknowledged that it was possible for someone to manipulate the quote feature, but the company disagreed that it was a flaw. WhatsApp said the system was working as it had intended, because the trade-offs to prevent such a deception by verifying every message on the platform would create an enormous privacy risk or bog down the service. The company said it worked to find and remove anyone using a fake WhatsApp application to spoof the service.

“We carefully reviewed this issue and it’s the equivalent of altering an email,” Carl Woog, a spokesman for WhatsApp, said in a statement. What Check Point discovered had nothing to do with the security of WhatsApp’s so-called end-to-end encryption, which ensures only the sender and recipient can read messages, he said.