Is Telegram safe? We asked three security experts to weigh in
Is Telegram safe? We asked three security experts to weigh in
Earlier this week, we reached out to three security experts to discuss Signal and how it handles your data, but Signal isn’t the only messaging app that’s seen a swarm of new users this year. This time, we spoke to three experts to learn more about Telegram.
Back in January, WhatsApp announced that users would be required to agree to share data with Facebook to continue to access its messaging service, causing thousands of users to seek out a new home for their chats. One of the most popular choices has been Telegram, which offers encryption, self-destructing messages and supports group conversations of up to 200,000 people.
Telegram reportedly gained 100 million new users in January, and continued to encourage users to migrate to the app by rolling out a feature that allows users to transfer their chat history from WhatsApp, Line or KakaoTalk to Telegram. The migration feature means that users can find all of their attachments and timestamps in Telegram and seamlessly pick up the conversation where they left off.
We’ve looked at WhatsApp and Signal, so now it’s Telegram’s turn. Here’s what three security experts from McAfee, F-Secure and Kaspersky had to say about Telegram and how it deals with your data.
Is Telegram safe to download?
“Telegram is a cross-platform, cloud based instant messaging software and application service which features a secret chat option with end-to-end encryption”, said Chief Scientist and McAfee Fellow, Raj Samani.
“While Telegram is a secure way of communicating with friends and family, when downloading the platform, data such as a consumers IP address, device details, history of a username changes and more are all stored on Telegram’s data cloud for 12 months”.
Samani recommends that users check the security settings on any messaging platform they download to ensure the settings are configured appropriately.
Of course, one of Telegram’s key selling points is its focus on user safety and safety. However, this doesn’t mean the app is free of vulnerabilities, warns Associate Security Consultant at F-Secure, Joseph Foote.
“The safety of the Telegram application comes down to the security model employed by Telegram as a company”, said Foote.
“One of Telegram’s key marketing points is a focus on user safety, and protection from would-be attackers. In practice, this can be considered to go either way. Telegram is an open-source application, meaning anyone can audit it and understand exactly how their data is being gathered and transmitted. However, this can also aid hackers in the development of attacks against its users”.
It isn’t always a question of the security of the app itself, either.
“Android includes a built-in Accessibility Service and attackers have been known to exploit the capabilities of this service in order to collect user data”, warned Principal Security Researcher at Kaspersky, David Emm.
“Last year we discovered stalkerware that could use this standard function to see the text of incoming and outgoing messages from instant messengers”.
For this reason, you should make sure to follow basic rules when installing any new app to protect your data, including only downloading apps from official marketplaces, avoiding suspicious links, installing a security solution on your phone, paying attention of the permissions requested by an app, and familiarising yourself with the app’s user agreement.
Is Telegram better than other messaging apps?
Telegram has surged in popularity over the past few months, but how does it compare to other messaging services in the iOS and Android app stores.
“With any messaging platform, there are both benefits and drawbacks”, said Samani.
One of the major benefits of using Telegram is it’s aforementioned focus on privacy.
“Telegram prides itself on giving consumers the feature of self-destructing messages, and it even goes a step further, by not enabling the forwarding of messages in secret chats, keeping consumer’s messages safe”, said Samani.
But, this doesn’t mean Telegram knows nothing about you.
“There are also drawbacks to be aware of when considering the security of your data/messages. Another drawback when using Telegram over other messaging apps is that the platform can access all of your contacts. McAfee advises consumers to be extra-cautious about the information they choose to share over any messaging apps”.
Users also shouldn’t be quick to assume that their messages are protected by end-to-end encryption. Unlike other messaging apps, Telegram actually requires you to opt into the feature by creating a secret chat.
“It would be easy to believe that Telegram offers greater security than many instant messaging solutions out there, but this isn’t quite so true”, said Foote.
“Although Telegram advertises end-to-end encryption, it is not enabled by default except for ‘secret chats’, and voice and video calls. For a privacy conscious individual, this can raise alarms as your messages could be read by malicious parties and potentially even Telegram’s staff. Applications such as WhatsApp and Signal offer end-to-end encryption out of the box, without the need for a user to specifically enable the feature or open a separate kind of chat”.
One key feature that sets Telegram apart from rival messaging apps is it’s huge 200,000 person group chat limit. However, while this feature is good for mobilising big crowds, it does present new security risks that won’t be as prevalent in smaller WhatsApp groups.
“While this has many beneficial impacts, there are key security risks to be aware of when using a platform that allows you to communicate in this way with such a large number of people, some of whom will be strangers”, said Samani.
“For example, when participating in a group size so big on any communicating platform, people’s data can become less secure, and participants can extract user information from groups and channels. Therefore, when using messaging apps, it is best practice to be careful with any information you share online”.
Telegram and your data
So, what about your data? When it comes to your messages, it’s all about encryption.
“A key feature of Telegram is that it provides its users with two layers of secure encryption”, said Samani. “Both private and group cloud chats support server-to-client encryption, while secret chats benefit from client-to-client encryption. In both instances, messages are encrypted. Every piece of data that is shared on Telegram is treated in the same way, meaning that texts, files and media alike are encrypted equally”.
However, an inspection of the app’s privacy policy shows there’s more to protecting your data than simply encrypting your messages.
“The privacy policy of Telegram states ‘we may collect metadata such as your IP address, devices and Telegram apps you’ve used, history of username changes, etc’”, said Foote. “Worryingly, this list is not exhaustive nor detailed elsewhere. Furthermore, what they do with the data collected is not strictly specified, only that it may be ‘kept for 12 months maximum’”.
This isn’t too abnormal.
“Nearly all companies will store at least some amount of your data in one form or another. Typically, this is for a legitimate purpose, but that is not guaranteed”, noted Foote.
However, it is something you should be aware of if you’re considering switching your chats over to the app.
So, should you move your WhatsApp chats to Telegram?
“Both platforms offer similar functionality and varying levels of privacy”, said Foote.
“When Facebook acquired WhatsApp, they announced that the sharing of user data would be required with Facebook. For many users this was a tipping point to migrate to alternative services, but each comes with their own potential drawbacks”.
Ultimately, the decision comes down to what you’re looking for in a messaging app, both in terms of security and the features each app offers.
“Different audiences may see different reasons for preferring one over the other too. For example, WhatsApp offers group video calls which may benefit students in remote study situations during the pandemic. By far the biggest reason to remain with WhatsApp is to maintain end-to-end encryption without having to remember to enter a ‘secret chat’ each time, as is the requirement with Telegram”.
Despite the lack of default end-to-end encryption, Telegram does offer multiple security options to protect its users’ data.
“Telegram pride itself on giving consumers multiple security options to keep their data safe”, said Samani. “Telegram have created a passcode lock, which is an inbuilt option in the built in to the app, meaning that a passcode is required to use the chat function each time the app is opened”.
While this is a welcome security feature, McAfee also recommends users enable multi-factor authentication to add another layer of security to their account if they do choose to move over to Telegram.
Make sure to check out our guides to the best phones and best Android phones, as well as our breakdown of the best VPNs if you’re looking to protect your data online.