Telegram, the supposedly secure messaging app, has over 100 million users. You might even be one of them. If you are, you should probably stop using it right now. Here’s the unfortunate truth about Telegram: it’s not as secure as the company’s marketing campaigns might lead you to believe.
According to interviews with leading encryption and security experts, Telegram has a wide range of security issues and doesn’t live up to its proclamations as a safe and secure messaging application.
One major problem Telegram has is that it doesn’t use end-to-end encryption by default, something the FBI has advocated for. “There are many Telegram users who think they are communicating in an [end-to-end] encrypted way, when they’re not because they don’t realize that they have to turn on an additional setting,” Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union, told Gizmodo. “Telegram has delivered everything that the government wants. Would I prefer that they used a method of encryption that followed industry best practices like WhatsApp and Signal? Certainly. But, if it’s not turned on by default, it doesn’t matter.”
There’s no reason to not to use end-to-end encryption for your messages by default, especially as an application that brands itself one that makes security a high priority. Contrary to the opinions of almost every encryption and security expert, Telegram’s FAQ touts itself as more secure as WhatsApp. But in reality, WhatsApp uses the most highly praised encryption protocol on the market and encrypts every text message and call by default.
Besides making flawed product choices like offering non-end-to-end-encrypted chatting, a boon to would-be hackers or government surveillance programs, experts also indicate that the actual encryption technology is flawed. Telegram did what’s known as “rolling their own encryption,” which is widely considered to be a fatal flaw when developing encrypted messaging apps.
“They use the MTproto protocol which is effectively homegrown and I’ve seen no proper proofs of its security,” Alan Woodward, professor at the University of Surrey told Gizmodo. Woodward criticized Telegram for their lack of transparency regarding their home cooked encryption protocol. “At present we don’t know enough to know if it’s secure or insecure. That’s the trouble with security by obscurity. It’s usual for cryptographers to reveal the algorithms completely, but here we are in the dark. Unless you have considerable experience, you shouldn’t write your own crypto. No one really understands why they did that.”
“When experts universally praise the Signal protocol that Open Whisper Systems uses and that WhatsApp uses, there is no reason to roll your own encryption,” Soghoian said. “This is computer security 101. There’s no reason to roll your own when something perfectly good already exists that has been audited extensively.”
“They basically made up a protocol,” Matthew Green, a professor of cryptography at Johns Hopkins University, told the Daily Dot last year. “According to their blog post, they have a couple of really brilliant mathematicians who aren’t really cryptographers but were smart, so they came up with their own protocol. It’s pretty crazy. It’s not something that a cryptographer would use. That said, I don’t know if it’s broken. But it’s just weird.”
The app also leaks metadata “like a champion,” Woodward said. Earlier this year a security researcher discovered that an attacker could figure out when a user was online and offline, which could help determine who you are talking to and when you use the app.
So the point is, if you’re looking to communicate securely, just use Signal, iMessage, or WhatsApp. Telegram has too many potential flaws and hiccups that may compromise its integrity as a secure messaging application.
Update 8/31/2019: After publication of this article Telegram’s creators implemented several changes that are recognized by qualified cryptographers as a vast improvement to its encryption scheme. Since 2017, for example, the MTProto protocol has been recognized as IND-CCA secure.
Additionally, the story has be updated to clarify that Telegram does not use end-to-end encryption by default. Client-server communication is encrypted by default.