Telegram Messenger: Security Overview

Telegram is one of the most popular messaging apps. But is it worth using from a security perspective? Let’s figure it out.

This messenger has over 200 million monthly active users and is cross-platform. In fact, they claim a ‘Native app for every platform.’
Telegram is partially open-source and while their app is capable of some genuinely cool stuff, it takes a little extra work to maximize security. For example, the default encryption scheme is server-to-device encryption rather than true end-to-end encryption. You can turn on end-to-end encryption and even set conversations to self-destruct, but this isn’t the default.

Features

Telegram’s main strength is its incredible feature list and support across multiple devices. Of course, extra features sometimes bring tradeoffs in security.

Here are the main highlights:

  1. iOS/Android/Windows/Mac/Linux/Web app. It has two official apps: Telegram and Telegram X.
  2. All messages encrypted (but only ‘Secret Chats’ use end-to-end encryption).
  3. Customizable group chat mode.
  4. Sync chats across multiple devices.
  5. Cloud feature so you can access saved chats from anywhere.
  6. Self-destruct feature for sensitive short-term messaging.
  7. An API allows for 3rd-party apps and additional functionality.

Security

Telegram offers messaging that is both convenient and secure. Let’s take a look at the main points.

Cloud Storage and server encryption

By default, Telegram uses a ‘cloud’ model, meaning all chats are stored on Telegram’s servers. These conversations are encrypted between the cloud server and each user, not from user to user. This means that Telegram holds the encryption keys and can read any cloud conversation. The upside of the cloud is that it lets you sync conversations between devices.

Telegram does have an end-to-end encrypted option called ‘Secret Chats’. With this feature enabled, nobody can spy on your conversation. But it creates an extra inconvenience, because a Secret Chat can only take place between two devices.
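The difference between the two modes described above, as an added sketch that is not Telegram’s code and not from the original article: in cloud mode the relay server holds a key for each user and recovers the plaintext, while in secret-chat mode the keys are agreed on the devices and the server only forwards a blob. The Diffie-Hellman agreement, the toy modulus and the SHA-256 keystream cipher are assumptions chosen to keep it standard-library only; they are stand-ins, not MTProto, and not safe for real use.

```python
import hashlib, secrets

# Constructed toy parameters (assumptions for this sketch, not MTProto, not secure).
P, G = 2**255 - 19, 2   # small prime modulus and generator for the key agreement

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class Server:
    """Relay that records what it is able to see in each mode."""
    def __init__(self):
        self.user_keys = {}   # cloud mode: one key shared with each user
        self.readable = []    # plaintext the server recovered
        self.opaque = []      # blobs it could only forward

    def cloud_relay(self, sender, recipient, blob):
        text = xor_cipher(self.user_keys[sender], blob)      # server decrypts
        self.readable.append(text)
        return xor_cipher(self.user_keys[recipient], text)   # and re-encrypts

    def secret_relay(self, blob):
        self.opaque.append(blob)   # no key on the server: forward unchanged
        return blob

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def demo(msg=b"meet at 18:00"):
    srv = Server()
    # Cloud chat: the server holds a key for each user.
    srv.user_keys = {"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)}
    to_bob = srv.cloud_relay("alice", "bob", xor_cipher(srv.user_keys["alice"], msg))
    cloud_plain = xor_cipher(srv.user_keys["bob"], to_bob)
    # Secret chat: keys are generated on the devices; only public values cross the server.
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    blob = srv.secret_relay(xor_cipher(dh_shared(a_priv, b_pub), msg))
    secret_plain = xor_cipher(dh_shared(b_priv, a_pub), blob)
    return srv, cloud_plain, secret_plain
```

Calling `demo()` returns the server object along with what each recipient decrypted; `srv.readable` holds the cloud message in the clear, while `srv.opaque` holds only ciphertext.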

Encryption algorithm

Telegram’s encryption is built upon standard algorithms like 256-bit AES, used in their custom implementation called MTProto. It is actively developed by the Telegram team, and it’s possible to find out how this algorithm works. Telegram can’t access your end-to-end encrypted messages.

Privacy

Telegram was created with the goal of delivering full privacy and security to its users, as stated on its main page. It’s not hard to check.

Telegram, which staunchly refuses to surrender encryption keys for all user exchanges, has appealed to the United Nations for support in their dispute with Russia’s Federal Security Service (FSB). The instant messenger is represented by lawyers from Agora, a Russian human rights group, reports Meduza, a Russian and English language online publication based in Latvia.

In a letter to David Kaye, the UN’s special rapporteur on promoting and protecting the right to freedom of opinion and expression, Agora described the FSB’s demands as a “serious threat to freedom of expression.”

Telegram says this is technologically impossible, given that the service’s administrators themselves don’t have access to encryption keys, which are generated on users’ own devices. Telegram has compared its showdown with the FBI-Apple encryption dispute in 2015 and 2016, when the US company received and flouted a dozen government orders to unlock cryptographically protected mobile phones.

By East-West Digital News / December 15, 2017

Summary

Telegram looks like the most secure messaging app at the moment. Using Telegram secure chat means you don’t have to worry about threats to your privacy. There are opinions (e.g. Gizmodo) that say the opposite, but think critically and check the facts you read.

// Found a mistake or a misused fact, or want to make the article better? Feel free to contact me on Twitter. Your feedback is highly appreciated.