Is Telegram “Secure”?

I often hear Telegram being described as a “secure Messaging App” or as an “Encrypted Messaging App”, but let’s dive into the details…

First of all, cyber security is in essence a risk management exercise. In that sense, calling an app “secure” or “not secure” is meaningless without identifying the context and the threat model, and without defining and explaining the associated risks. An app can have negligible associated risks in one context but significant associated risks in a different one. For example, using a VPN might improve your privacy in one context, but might cause you legal trouble in a country that criminalizes using VPNs.

Therefore, in my opinion, calling Telegram or any other app a “secure App” is meaningless without precisely identifying the context and the risks.

Now, while Telegram encrypts data in transit between the app and servers, messages can be accessed by Telegram (the company) unless a “Secret Chat” session is established pre-transmission. This is not the case on Signal, WhatsApp, and iMessage, where end-to-end encryption is the default and actually the only option. In addition to that, Telegram’s implementation of “Secret Chat” has many limitations.

Here are some issues related to “Secret Chats”:
* They are not the default and need manual activation. (Tyranny of the default)
* They are not available in group chats of 3 or more. (All group chats can be accessed by Telegram)
* They require the recipient to be online. (All offline messages can be accessed by Telegram)
* They use a non-public algorithm, hindering peer review. (Security by obscurity is usually not a good sign)

While Telegram’s level of encryption might be sufficient for most users, it’s crucial to note that it doesn’t match the standards set by modern end-to-end encrypted messaging apps like Signal, iMessage, or WhatsApp.

More on that here: https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/

In summary, Telegram is not a “secure” app, nor does it deserve to be called an “Encrypted Messaging App”.
