Telegram app logo
Telegram’s default encryption system is cloud-based.
Pavlo Gonchar/SOPA Images/LightRocket/Getty Images
  • Telegram is a secure option for messaging due to several features it offers, although there are some weaker areas in its overall security when comparing it to other messaging apps.
  • Usage of the chat platform Telegram has skyrocketed as WhatsApp users flock to alternative platforms amid privacy concerns.
  • Here’s what you need to know about Telegram’s level of security and how it measures against other privacy-concerned apps.
  • Visit Business Insider’s Tech Reference library for more stories.

Privacy concerns related to sharing data with Facebook drove a sea of users away from WhatsApp and toward other chat platforms, including Telegram, which hit 500 million active new users this month

However, that begs the question: Is Telegram secure?

Thankfully, from features like encrypted cloud storage to self-destructing messages that sound like something out of a spy movie, the answer is mostly yes.

Here’s some more information about what those measures mean, how they make Telegram secure, and where it falls short compared to a few of its most prominent competitors.

Telegram uses encryption, although not as extensively as some platforms

Unlike its competitor Signal, Telegram doesn’t by default apply end-to-end encryption to messages, which prevents any message intercepted by a third party from being interpretable. 

However, you can opt to have end-to-end encryption by using Telegram’s «secret chat» option.

Despite the fact that end-to-end encryption isn’t standard, Telegram says its two-chat system is the most secure solution for their widely-used app. It toggles between Cloud and Secret chats to protect all kinds of users, relying on a standard encrypted cloud storage system based on server-client encryption – called MTProto encryption.

The cloud storage system does have its setbacks. All of your content on the app is stored in the cloud, making it accessible across devices, but also lessening your control over the information being shared. This potentially poses a security risk. 

Telegram in App Store
The official Telegram Messenger app as displayed in Apple’s App Store.
Alexander Nemenov/AFP/Getty Images

Telegram’s secret chat option has other security features for the more privacy-concerned user, including self-destructing messages

In addition to the end-to-end encryption, secret chats also leave no trace on Telegram servers, don’t allow forwarding, and can be sent as self-destructing messages

Secret chats are also separate from the Telegram cloud, and instead can only be accessed via the device of origin. They are encrypted by another layer of security, found in client-client encryption.  

Compared to its competitors, Telegram does fall short security-wise in a few areas

Although end-to-end encryption is an option, it’s been a criticism of Telegram that that type of encryption isn’t the default setting – as it is for Signal, for instance.

Telegram’s secret chat option can also only be held between two people, meaning there’s a lack of end-to-end encryption for group chats.

And unlike Signal, Telegram doesn’t comprehensively encrypt metadata. Telegram collects your IP address, which Signal does not, and can link your phone number, contact list, and user ID back to you. 

This backfired in 2016 when the user information of 15 million Iranians was exposed by an Iranian group of hackers called Rocket Kitten. It was not confirmed whether the security breach was the work of Iranian government officials, but many of the targets were identified as political activists. 

Additionally, a deepfake bot scandal took place on Telegram in 2020, where users on Telegram channels exchanged nudes powered by the DeepNude software – meaning fake nudes of women were computer generated from images taken off social media and were used for trading purposes.

Sensity, a security company that uses AI software to detect deepfakes, uncovered more than 100,000 images on the app and found that around 70% of users were located in or around Russia

Similar to WhatsApp and Signal, it is suggested that you turn on two-step verification for the app to prevent account hijacks, which are made possible by hackers gaining access to your SMS code. 

You can also change your privacy settings in the app so that only your contacts have access to your phone number and profile information, instead of the «everybody» setting. 

Tech-savvy users can test Telegram’s security themselves due to the program’s open source aspects

One thing security advocates applaud about Telegram is that anyone with enough expertise can look under the hood at Telegram’s source code, protocol, and API – although the complete picture is proprietary and not fully open source.

Telegram also supports verifiable builds, meaning experts can check for themselves that the Telegram code published on GitHub is identical to the code powering the apps you download from the Apple App Store or Google Play Store.

Telegram has said that anyone with a verifiable claim that they can decipher Telegram messages can win $300,000 in its Cracking Contest.

Smaller bounties are offered as well if a tip results in a change in code or configuration.

Related coverage from Tech Reference:

Read the original article on Business Insider