Telegram, a messaging app founded by Pavel (the Russian Zuckerberg) and Nikolai Durov in 2013, is now one of the most popular instant messaging services. With 550 million monthly active users and 55.2 million daily active users, it keeps growing in popularity thanks to its focus on security, which is why most people use it in the first place.
What comes to mind when you think of secure messaging? What features should an app offer for you to say it is secure? What apps are known to offer these features?
In this guide, we will take a close look at all these questions as we dive deeper into the security of Telegram.
Getting to Know the Basics
Telegram is an instant messaging app that offers the ability to send and receive messages, media files, and various content in a secure, encrypted, and for group admins, anonymous manner. Since its foundation in 2013, this application has experienced a remarkable journey, evolving from 100,000 daily active users in its early stages to a staggering 55.2 million in 2023.
As of January 2023, according to Statista, the app boasted monthly active users, representing 8.7 percent of the global population. What does this statistic signify? Product confidence. Over the years, an increasing number of users have embraced Telegram due to its pioneering approach to security and speed. This is made possible through its multi-data center infrastructure and encryption.
As a Telegram user, you only need to part with less than 100 MB to install this app on your device, be it Android, iOS, Windows, macOS, or even Ubuntu-powered. Its cloud-based framework further eliminates the need for significant storage space to keep your chats, files, and content safe.
In-Depth Analysis of Telegram’s Security Features
While several applications and tools promise secure messaging, not many can match Telegram’s offerings. Here are the two primary pillars on which its secure and anonymous messaging is built.
MTProto Security Protocol
Telegram relies on the time-tested MTProto protocol, which is both secure and efficient, allowing the application to remain lightning-fast. This protocol suite is designed for access to an API server from mobile apps. It uses the symmetric AES algorithm with a 256-bit key, which in modern cryptography represents a high level of security. It also relies on 2048-bit RSA encryption and Diffie-Hellman key exchange.
The protocol itself is designed to be lightweight and easy to integrate. But does this translate to privacy? In the past, there have been concerns about MTProto being vulnerable to side-channel (particularly IND-CCA) attacks, among other flaws, which may indeed be a weakness in the architecture. However, the Telegram team regularly works to mitigate any threats and ensure the highest level of security for users.
With the launch of MTProto 2.0 in 2017, which saw a switch from SHA1 to SHA256 hashing, the adoption of padding bytes in the computation of “msg_key,” and the use of 12..1024 padding bytes instead of 0..15 padding bytes, its security was considerably improved.
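An added illustration (not code from the original page or from Telegram) of the msg_key change described above, following the publicly documented MTProto formulas as understood here. The key, message body, padding values and function names are constructed for the example.

```python
import hashlib
import os

def pad_v1(body: bytes) -> bytes:
    # MTProto 1.0: 0..15 random bytes, just enough to reach a 16-byte boundary.
    return os.urandom(-len(body) % 16)

def pad_v2(body: bytes, extra_blocks: int = 0) -> bytes:
    # MTProto 2.0: 12..1024 random bytes, total length divisible by 16.
    n = 12 + (-(len(body) + 12) % 16) + 16 * extra_blocks
    if n > 1024:
        raise ValueError("padding must stay within 12..1024 bytes")
    return os.urandom(n)

def msg_key_v1(body: bytes, padding: bytes) -> bytes:
    # 1.0: 128 bits of SHA-1 over the body only. The padding argument is
    # deliberately unused: it never entered the hash.
    return hashlib.sha1(body).digest()[4:20]

def msg_key_v2(auth_key: bytes, body: bytes, padding: bytes, x: int = 0) -> bytes:
    # 2.0: middle 128 bits of SHA-256 over a 32-byte auth_key fragment,
    # the body and the padding. x is 0 client-to-server, 8 server-to-client.
    if len(auth_key) != 256:
        raise ValueError("auth_key is 2048 bits")
    large = hashlib.sha256(auth_key[88 + x:120 + x] + body + padding).digest()
    return large[8:24]

def padding_changes_key(version: int) -> bool:
    # Same body, two different paddings: does msg_key notice the difference?
    auth_key = os.urandom(256)          # constructed key for the demo
    body = b"constructed message body"  # constructed sample input
    pad_a, pad_b = b"\x00" * 24, b"\xff" * 24
    if version == 1:
        return msg_key_v1(body, pad_a) != msg_key_v1(body, pad_b)
    return msg_key_v2(auth_key, body, pad_a) != msg_key_v2(auth_key, body, pad_b)

if __name__ == "__main__":
    print("1.0 msg_key bound to padding:", padding_changes_key(1))
    print("2.0 msg_key bound to padding:", padding_changes_key(2))
```

Because the 2.0 msg_key covers the padding and a secret key fragment, a receiver that recomputes it after decryption rejects any message whose padding was altered in transit.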
Unlike WhatsApp and other alternatives that use end-to-end (e2e) encryption by default, Telegram has adopted the secret chat model, in which all calls and messages exchanged on the application are encrypted with a 256-bit AES key, and which users must enable themselves to protect their communication. Your secret chats send keys via the P2P interface, and you and your chat partner must verify them for the encryption to work. This way, your conversations can’t be saved, screenshotted, or forwarded.
Telegram offers additional features like self-destructing messages, group chats and channels, large file sharing, bot creation, and a customizable interface.
Potential Downsides to Telegram’s Security Features
While Telegram is an excellent choice for secure messaging, there are a few drawbacks to keep in mind.
Malicious Telegram Mods
Although Telegram servers are not open source, there are reports of malicious servers being used for surveillance, censorship, and data collection, posing a risk to users’ privacy. In most cases, the fingerprint of the authentication keys used in the chat session is compromised or missing, which makes the messages accessible to bad actors (attackers or men-in-the-middle) for analysis and modification.
As such, it’s important that you only use the official Telegram app and not third-party mods. In addition, verify the fingerprint of the authentication key you receive for your chat session with that of your partner.
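An added sketch (not from the original page and not Telegram's code) of why both partners compare key fingerprints: when something between them substitutes the key-exchange values, each side derives a different key and the fingerprints stop matching. The toy 127-bit Diffie-Hellman group and the truncated SHA-256 fingerprint format are assumptions made for the example, not Telegram's actual parameters or key visualization.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # toy prime so the demo runs instantly (assumption, not Telegram's group)
G = 3           # toy generator (assumption)

def keypair():
    # Random private exponent and the matching public value.
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv: int, peer_pub: int) -> bytes:
    # Diffie-Hellman shared secret, serialized to a fixed 16 bytes.
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def fingerprint(key: bytes) -> str:
    # Short digest each user compares with their partner (constructed format).
    return hashlib.sha256(key).hexdigest()[:16]

def fingerprints_match(fp_a: str, fp_b: str) -> bool:
    return hmac.compare_digest(fp_a, fp_b)

def direct_exchange():
    # Both sides receive each other's genuine public value.
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return (fingerprint(shared_key(a_priv, b_pub)),
            fingerprint(shared_key(b_priv, a_pub)))

def relayed_exchange():
    # Each side instead receives a public value chosen by a relay in the
    # middle, so the two sides end up holding different keys.
    a_priv, _ = keypair()
    b_priv, _ = keypair()
    _, relay_pub = keypair()
    return (fingerprint(shared_key(a_priv, relay_pub)),
            fingerprint(shared_key(b_priv, relay_pub)))

if __name__ == "__main__":
    print("direct exchange matches: ", fingerprints_match(*direct_exchange()))
    print("relayed exchange matches:", fingerprints_match(*relayed_exchange()))
```

The comparison only helps if it happens over a channel the relay does not control, such as in person or on a voice call where both partners recognise each other.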
Telegram has access to metadata, allowing them to track and analyze users’ activities to maintain service quality. This includes your username, IP address, phone number, contacts, and device information. While this is not much of a threat per se, it can be perceived as an invasion of privacy.
However, as a global company, Telegram is compelled to comply with global data privacy laws and regulations, including the General Data Protection Regulation (GDPR) in Europe. But what happens when there’s a data breach on one of the servers? Your confidential info risks being exposed to an external actor.
In 2019, Telegram faced a large-scale distributed denial of service (DDoS) attack during the Hong Kong protest, as reported by CNN. This cyber-attack, likely originating from China, jammed servers with bogus requests and disrupted users’ connections.
Private chat encryption on Telegram has become a double-edged sword that can’t be completely avoided. On one hand, it protects your conversations from eavesdroppers. On the other, it makes the app a breeding ground for illegal and illicit activities, such as cyber fraud, drug trafficking, terrorism, and money laundering. It’s more like the dark web of social networks.
Unsuspecting users are prone to being victims of these unlawful acts since they may lack the necessary precautions to avert them. Unfortunately, law enforcement agencies and other authorities have a hard time tracking down these online criminals due to Telegram’s security features. Thankfully, you can avoid such problems by cutting back on your communication with strangers.
Before you respond to an unsolicited message, run the phone number through PhoneHistory, a free reverse phone number lookup, to see who the number is registered under and find more details about this person.
So, is Telegram secure? The answer is yes. But bear in mind that you, as a user, have some responsibilities to ensure that your personal information and messages remain private.
Also, update your app regularly. That way, you’ll benefit from the latest security and privacy updates that Telegram has in store.