Telegram is a free messaging app that works across multiple devices, offering no limits on media sizes, end-to-end encryption via “secret chats” and a whopping 200,000 person group chat capacity. The app even has a Bot API, allowing developers to create their own bots for their chats.
Telegram is so confident its messages can’t be deciphered that it’s actually run contests in the past challenging users to try to crack its encryption with a $300,000 prize at stake. The app also has an ongoing bug bounty programme in place to reward anyone who can spot a big enough flaw in Telegram’s app or protocol.
We reached out to security experts to learn more about Telegram, end-to-end encryption and how the app deals with your data. If you’re interested in their thoughts on other messaging apps, you can visit our guides to Is WhatsApp Safe? and Is Signal safe?
Save 81% on a VPN with SurfShark
Surfshark has dropped the price of its VPN to £1.94 a month. Head over to Surfshark now to pay a one time price of £46.44 for 24 months of Surfshark and save 81%.
- 81% off
- £1.94 a month
Is Telegram safe?
Antony Demetriades, VP at McAfee, told Trusted Reviews, while the app been around since 2013, its only recently that Telegram has become more of a household name.
“If you hadn’t heard of Telegram until 2021, you wouldn’t be alone”, said Demetriades.
“The messaging and social media platform has risen from relative anonymity to become one of the biggest players in the ‘secret messaging’ business in less than a year. With WhatsApp revealing a change to its T&Cs which informed users that their data would be shared with new parent company Meta, many people ‘jumped ship’ in search of a less intrusive messaging option”.
However, just because Telegram has a more trustworthy reputation than WhatsApp, that doesn’t mean your messages are automatically protected. End-to-end encryption is crucial to keeping your messages private and this is a level of protection that Telegram only offers in specific areas of its app.
“Telegram has positioned itself as an app committed to private and secure messaging. However, the fact that end-to-end encryption is not automatically used on messages sent in Telegram means it’s not as secure as privacy-focused messaging platforms such as Signal, which offers end-to-end encryption for all communications”, explained Demetriades.
Searchlight Security CTO and co-founder Dr. Gareth Owenson added that Telegram’s encryption also has its flaws.
“Telegram has a reputation as a secure messaging app but this is largely due to the feature set it offers rather than the strong encryption. Research by Royal Holloway recently found vulnerabilities in the cryptography used by Telegram”, said Dr. Owenson.
You might like…
While any app can be targeted by the wrong people, Telegram’s secure reputation and lax moderation has also been known to attract criminals in the past.
“Telegram is also popular amount darkweb criminals and other malicious actors due to its perceived security”, said Dr. Owenson.
Demetriades agreed, suggesting the service also has a very hands-off moderation approach is causing ongoing issues.
“One of the biggest issues with Telegram is the content shared in the app and the company’s “hand off” approach to moderation. Telegram’s unique combination of messaging and social media, plus its publicly relaxed content moderation strategy means it attracts a certain style of user who may have been outed from more mainstream online platforms”, said Demetriades.
“A quick Google search will produce multiple examples of how Telegram has been widely used by fringe political groups, while in 2017 security experts also acknowledged that it is in fact the app of choice for terrorist organisations. While this might make the platform appear unattractive, its user experience shows users aren’t exposed to controversial content given they haven’t gone looking for it”.
Telegram vs other messaging apps
So, how does Telegram compare to other popular messaging apps like WhatsApp and Signal? F-Secure’s Global Partner Product Advocate Fennel Aurora told Trusted Reviews from a technical standpoint there is a clear winner.
“Signal is mostly seen as the security and privacy standard for this kind of messaging app, and it is what I use primarily myself”, said Aurora.
“That said, there are cases where Signal can be less private and less safe depending on your definition – for example Signal requires use a phone number for connection with other users, which can have significant physical safety risks for many people who are targeted by stalkers. Telegram for example allows the use of a username instead which can be significantly safer for many people”.
Comparitech Privacy Advocate Paul Bischoff added that Telegram also requires users to opt-in to end-to-end encryption by creating a secret chat. The lack of end-to-end encryption by default can be its own privacy issue.
Telegram chats are not encrypted end-to-end by default. Encrypted chats cannot be accessed from multiple devices”, said Bischoff, explaining that the latter does make them more secure but less convenient than WhatsApp.
Bischoff added, “Telegram has bots, which are powerful tools but can be used for scams and cyberattacks”, though the expert also noted that all three apps have shown documented cybersecurity vulnerabilities over the years.
Tom Gaffney, Security Consultant at F-Secure added that Telegram’s data handling is comparable to WhatsApp, in some instances.
“WhatsApp and Telegram both work by building communities of users, collecting data on the user related to their device using fingerprinting (phone numbers, device data etc)”, said Gaffney.
“Additionally, Hackers target both platforms for scams and phishing URLs. Signal by default makes this much more difficult as it’s encryption process requires you to actively accept another user before messaging”.
When it comes down to it, Gaffney wouldn’t recommend using Telegram (or WhatsApp, for that matter) over the likes of Signal.
“WhatsApp and Telegram both have had a rocky relationship with user data. Both were implicated in the Snowden leaks and both have not provided evidence of independent code audit or security analysis. They have opaque terms related to data usage and in Whatsapp case, the parent company Facebook derives most of its money from using data it collects. So from a privacy perspective absolutely not as safe as Signal. Security companies such as F-Secure would not recommend them for truly private and confidential messaging”.
Kaspersky Home Security
Keep your online activity safe and private across multiple devices – without compromising speed.
Check out Kaspersky’s new security plans from just £10.99 per year
- £10.99 per year
Telegram and your data
We also asked the experts how exactly Telegram handles your data.
“If you signed up for Telegram in the UK, your data will be stored in ‘rented’ data centres in the Netherlands”, assured Demetriades.
“This means the data centres are run by third-parties but a space is rented to Telegram, so personal data is not shared with the data centres only stored using the servers. According to the platform’s privacy policies, all data is stored heavily encrypted so that local Telegram engineers or physical intruders cannot gain access”.
VP of European Enterprise Research at IDC, Duncan Brown told Trusted the app also refrains from showing ads in chats, which users will also appreciate.
“The company has promised never to advertise to users in private chats”, said Brown.
Should you move your chats to Telegram?
The general consensus from those we spoke to was that it’s safe to move your chats to Telegram, but Signal is better.
“With the availability of end-to-end encryption for private chats, Telegram can protect your private chats, but you cannot encrypt your group chats, one of the app’s most popular features. But if you’re looking for a top-notch end-to-end encrypted messaging app, then there are definitely better options around”, said Demetriades.
However, Consumer Privacy Champion at Pixel Privacy, Chris Hauk noted, Signal is less popular than other messaging apps, which could have you tempted to join Telegram if that’s where all your contacts are.
“Many users are not concerned about their messaging app’s privacy offering, instead they usually use the messaging apps used by their friends and family”, said Hauk.
“However, anyone who messages about more than “do we need milk?” should consider using one of the three messaging services (Telegram, Signal and WhatsApp), while also encouraging their friends and family to also use the apps”.
There’s also no reason to leave Telegram if you’re already using it, according to Brown.
“All messenger apps are subject to geo-political moves, such as bans and sanctions, and Telegram has been subject to these over the years. But as it stands Telegram is safe and stable. If you’re worried about data sharing, then Telegram should be a safe place for you”.
As ever, Trusted Reviews recommends any privacy conscious user invest in a reliable VPN to help protect their data. You can see a list of the best VPNs we’ve tested in the attached guide.