Zoom's popularity in jeopardy after privacy, security lapses

The rapid rise of Zoom Video Communications Inc.'s video conferencing app amid the coronavirus outbreak has led to a series of privacy and security headaches for the company, raising questions about the application's future.

The company's daily user base grew to 200 million in April from 10 million before the pandemic, and its share price surged to an all-time high close of $159.56 on March 23, up from $68.72 at the start of the year.

However, Zoom's sudden popularity has been marred by a string of privacy snafus that include sharing data with Facebook Inc. without consent and misrepresenting the level of encryption offered for its meetings. Now, the company is facing a host of lawsuits and government inquiries. Moreover, Credit Suisse analyst Brad Zelnick on April 6 cut his rating on Zoom shares to "underperform" from "neutral," arguing that even though the company's user base has grown twentyfold, the surge is likely to prove ephemeral as many of these new users will be difficult to monetize. The company's shares tumbled more than 15% in intraday trading on April 6 and were trading around $114.07 in late afternoon trading on April 8.

Multiple state attorneys general have reached out to Zoom to learn more about its privacy and security practices. And on April 3, a group of Democratic lawmakers from the U.S. House Committee on Energy and Commerce sent a letter to Zoom CEO Eric Yuan raising concerns and questions.

Among the recent lawsuits filed against Zoom is one from a California man seeking class-action status. The suit alleges that Zoom improperly disclosed personal information to third parties without adequate notice and seeks damages and relief under three laws, one of which is California's new privacy law, the Consumer Privacy Act.

Sarah Bruno, a partner at the law firm Reed Smith LLP who has counseled extensively on CCPA, told S&P Global Market Intelligence in an interview that she thinks the lawsuit, as applied to CCPA, will be an uphill battle.

The bigger issue for some industry experts is how Zoom's stated approach to encryption differs from its actual approach. Zoom uses a custom encryption scheme and promises to protect user data with "end-to-end chat encryption ... where only the intended recipient can read the secured message," according to the company's website as of April 8. However, end-to-end encryption typically implies that content between users is entirely protected, even from the company hosting the application. In Zoom's case, the company could access users' content.

In an April 1 blog post, Oded Gal, Zoom's chief product officer, issued an apology on behalf of the company for using the term "end-to-end encryption" in a way that differs from how the security industry uses it.

"Zoom has always strived to use encryption to protect content in as many scenarios as possible, and in that spirit, we used the term end-to-end encryption," Gal wrote. "While we never intended to deceive any of our customers, we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it."

This revelation, among the other security and privacy issues that have emerged, led Patrick Moorhead, president and principal analyst at technology-focused research firm Moor Insights & Strategy, to declare in an April 3 opinion piece in Forbes that he cannot recommend Zoom for security-conscious companies or schools until its issues are ironed out.

Moorhead told S&P Global Market Intelligence in an interview that one step Zoom needs to take for him to recommend the service would be to reestablish confidence that the company is doing what it says it is doing when it comes to security.

"My biggest issue … categorically was that it was dishonest with the way it describes its security," he said.

Moorhead added that while he believes Zoom will see a dramatic decline in its traffic from businesses, government entities and schools, he still thinks the service will remain relatively popular for consumers having public conversations and some small businesses.

Beyond those consumers, Moorhead sees "a tough row to hoe" to maintain the service as a client for large enterprises and governments.

"Governments won't use you if you've got a security issue — they will sue you for a privacy issue," he said.

Fernando Montenegro, principal analyst, information security at 451 Research, an offering of S&P Global Market Intelligence, said Zoom had opted for design choices that favored ease-of-use and accessibility, which made them less than optimal from a security perspective.

"Zoom designed the security controls of the app with commercial and business users who typically have dedicated IT staff to add an extra layer of security. But when hundreds of millions of additional users, many of which are not very tech-savvy, started using it as well, the controls in place did not suffice," Fernando said.

Montenegro pointed out that the more usage a platform gets, the more attention and scrutiny it will attract, which in turn requires tighter security. However, with twentyfold growth in the past three months, the company was overwhelmed, so it was not able to preempt incidents such as Zoom bombing, he said. Zoom bombing involves uninvited people crashing into group chats to interrupt and harass users.

"To Zoom's credit, I think they have been doing a good job at patching and fixing issues that have been popping up," Montenegro said. "But with the hundreds of millions of users there will definitely be much more scrutiny, so they will now have to answer for the security choices they made initially."

Zoom's CEO has already apologized and vowed that the company would spend the next 90 days addressing security and privacy issues proactively.

"We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived," Yuan said.

Moorhead noted it will take some time for Zoom to implement the needed fixes.

"I've never seen anything big get done in 90 days, particularly when it comes to security," he said.