- Telegram Messenger is a messaging service which lets its users send each other messages, photos, videos and documents (all file types are supported). The client applications are open source and the server is proprietary software (closed source).
You can find lots of free messaging apps out there. But finding a free messaging app that is also secure, and has enough users to make it worth using, is a lot harder. Today we're going to talk about Telegram.
Telegram is totally free, and with over 200 million active monthly users, it certainly is popular. But is Telegram secure and safe? That's one of the things we'll be investigating in this in-depth Telegram review. So let's dive in and see what we can discover.
Telegram pros & cons
+ Pros
- End-to-end (E2E) encryption
- Encryption algorithms: MTProto, a custom protocol
- Open source apps and Telegram Database Library
- Self-destructing messages
- Users can be logged in on multiple devices simultaneously
- Supports Two-Step Verification
- GDPR compliant
– Cons
- Registration requires a phone number
- E2E encryption only for Secret Chats
- Has not shared any Transparency Reports
- Servers are not open source
- Logs IP Address and other user data
Now we'll briefly touch on the main features of Telegram messenger.
Feature summary
Here are some key features to consider when deciding whether Telegram is right for you:
- Code for the open source parts is available on GitHub.
- Telegram apps for Android, iOS, Windows Phone, Mac OS, Windows, Linux, popular browsers
- In excess of 200,000 active users
For this review, we downloaded and tested Telegram desktop and mobile apps.
Telegram company background information
Telegram Messenger was created by brothers Nikolai and Pavel Durov in 2013. With over 200 million active users, it is one of the most popular messaging apps in the world. The company is headquartered in London, with the development team based in Dubai. The company is funded through a donation by Pavel.
Where is your Telegram data stored?
Telegram has a hybrid system for storing your data. By default, all your message data is stored on your devices. However, you can remove data from this local cache, and store it on Telegram's servers. This allows you to balance your desire for privacy against the need for data storage space.
Those Telegram servers are located throughout the world as part of a distributed network.
Telegram third-party testing and audits
I wasn't able to find any published third-party audits or other formal test results for Telegram. What I did find was a lot of criticism of the Telegram security model and of Telegram's MTProto encryption scheme. We'll go into this in more depth at the end of this post.
This is somewhat of an outlier, and it is surprising that Telegram apps have not been subjected to an audit. For comparison, both Wire and Signal have undergone third-party audits.
Telegram messenger hands-on testing
For purposes of this review, I used the Telegram mobile app for Android, along with the Windows Desktop app. Since Telegram focuses on the mobile experience and requires you to join the service using a mobile device before you can use a browser or Desktop app, we'll concentrate on the mobile side of things first.
Telegram Android app
Installing Telegram on an Android phone involves downloading the app and registering your phone number. This is similar to Signal messenger, which also requires a phone number to use the service. You can either download the app from the Google Play store, or download the Android APK directly from the Telegram website.
Once you finish installing and registering your account, you will be able to use the Telegram app to communicate with other Telegram users by text, voice, photos, video, group messaging, and channels (subscription broadcasts). File sharing is also supported.
Working with Telegram
Opening the Telegram app shows you a list of your Telegram contacts. If you've used any of the popular instant messaging apps, the interface should look familiar to you:
Tap a contact to see the full chat thread containing your conversation with that person, group, or channel. This is all pretty standard stuff; the kind of stuff you would expect to find on any of the best messaging apps. However, Telegram offers several other features that help explain why this is one of the most popular secure messaging apps.
Additional Telegram app features
Going beyond basic messages, Telegram has interesting and useful features like these:
- Groups – Supporting up to 200,000 members per group, Telegram group chats helped protesters get organized during the mega-protests of 2019. Apparently, both groups and channels were used by the protesters, resulting in a large DDOS (Distributed Denial of Service) attack against the service. Telegram stated that the IP addresses of the computers involved in the attack were mostly Chinese.
- Channels – Channels allow you to broadcast messages to an unlimited number of Telegram users. This feature was also apparently used during the Hong Kong protests. A recent addition to Channels is a way to view detailed statistics about channel viewership.
- Instant View – Instant View is a system to, '…view articles from around the Web in a consistent way, with zero loading time.' If you receive a link via Telegram, you can tap the Instant View button to instantly see a version of the page that has been optimized for viewing in Telegram. Because the page is cached in Telegram's servers, it downloads in a split second. Instant View isn't available in the desktop versions of Telegram.
For reference, here's an article viewed through Instant View on the Telegram Android app:
- Bots – Bots are computer programs that run in Telegram. They have a wide range of capabilities, and anyone with a reasonable level of programming skills can write and publish their own.
- Live Locations – Share your location live in a chat for 15 minutes, one hour, or eight hours. If multiple users share their live location within a group, they are shown on an interactive map.
- Telegram Passport – Telegram Passport is an encrypted way to store your identity documents on Telegram servers. Once stored here, you can easily share them with services that require real-world IDs.
Now we will take a close look at using Telegram on your desktop.
Telegram Desktop clients
Installing Telegram Desktop on your desktop is just like installing any other app. It only takes a moment to download, and seconds to install. Once you do, Telegram opens and asks you to enter the telephone number you used to register your mobile app. Alternately, you can click the Quick log in using QR code link and follow those directions. Either way, you'll soon see the familiar Telegram user interface translated onto your desktop.
Telegram officially supports the following desktop platforms:
- Windows
- Mac OS
- Linux (64 bit and 32 bit)
Here is a screenshot of the Telegram desktop app.
One drawback with the Telegram desktop app is that you won't have access to all the same features and capabilities that you do on your phone. However, if nothing else, the Desktop app will be a lifesaver in those times when you need to send long text messages.
Aside from using the Telegram desktop app, there is also a Telegram web client here. (Be sure to use a secure browser that respects your privacy when using web clients.)
Support
Telegram's support site takes the form of a huge FAQ page. This page (seen below) links to an immense amount of helpful information about Telegram. While working on this Telegram review, I was able to find the answers to any questions that came up by searching the FAQ.
Of course, I can't guarantee that you will never need support from a live person. That shouldn't be a problem, as Telegram offers you several ways to get in touch with their support team. Instead of listing out all the options here, just go to the Support section of that huge Telegram FAQ page.
How secure and private is Telegram
Telegram has taken a beating over the years due to doubts about its security model. The concerns target two main areas: E2E encryption, and MTProto security. Let's examine each of these areas.
E2E encryption
The concern about Telegram's E2E encryption is that it is not applied by default. Most chats (Cloud chats) on Telegram are securely encrypted while in transit between your devices and Telegram's servers. Once chat messages arrive at the Telegram servers, they are encrypted using MTProto while at rest on the servers. However, Telegram can read chat data since it handles the encryption/decryption of messages at the servers. Other secure messaging services such as Signal, apply E2E encryption on all communications by default.
Telegram does support E2E encryption for two types of communications: Secret Chats, and voice calls. Secret Chats are chats that are not stored on Telegram servers, and are only accessible to the devices involved in the chat. Secret Chats should be as secure as MTProto, but users need to remember to turn them on.
Voice calls are automatically E2E encrypted, likewise making them as secure as MTProto allows.
MTProto security
MTProto is the custom mobile protocol designed by the Telegram team. While I am not qualified to comment on the security of the protocol, it has been criticized by numerous cryptography experts. Check out this Wikipedia link to get a better sense of the flak this protocol has taken over the years.
On the privacy front, Telegram can collect a decent amount of personal information, which it can keep for up to 12 months. According to their Privacy Policy, they, 'may collect metadata such as your IP address, devices and Telegram apps you've used, history of username changes, etc.' They may use aggregated metadata from you to help them create new features for the service.
Finally, the company has the ability to read any of your Cloud Chat messages to investigate spam and other violations of their Terms of Service. They may share some of your personal data with other Telegram users you choose to communicate with and companies within the Telegram Group. If forced by a court order, they may provide your IP address and mobile number to the appropriate authorities.
It would be wise to use Secret Chats and voice calls whenever you wish to share private information on Telegram.
Using a VPN with Telegram
As noted above, Telegram will record your IP address and keep it for up to 12 months. This links your identity up with your Telegram activity, chats, etc. Therefore you should take this into consideration based on your threat model and unique needs.
To hide your IP address when using Telegram, you can use a VPN. A VPN with Telegram will hide your IP address and location. Some of our top-recommended VPNs include NordVPN, which is based in Panama and ExpressVPN, based in the British Virgin Islands (with a three months free coupon).
Note: A VPN is not a silver bullet that hides all your metadata. However, it will securely encrypt traffic between your device and a VPN server, while also concealing your true location and IP address. See these best VPN services for more options and info.
Using Telegram without your real phone number
While we're on the topic of privacy, it's also important to note that Telegram requires a phone number to create an account. This is a verification step to prevent bots and spammers from mass-registering.
Verification happens via a text message or phone call, and then you enter the verification code to begin using the service. But here's the catch: you don't have to use your phone number.
There are many anonymous SMS services you can find online that allow you to receive text messages to digital numbers. There are both free and paid SMS services available (see disposable SMS), which you can find through a bit of research. You may have to try with a few different services and numbers before you can get a Telegram verification code to come through and work, but it will ensure your real phone number stays safe.
Telegram business features
Like its competitor Signal, Telegram Messenger is only available as a single, free version. There are no pricing tiers, no extra-cost features, and no business-specific features.
Telegram prices = free
As mentioned above, Telegram is 100% free of charge. The company has stated that if they run low on money, they might add some non-essential premium features, but as of now, there is only the one, free version.
Telegram review conclusion
Telegram is one of the most popular messaging apps in the world with over 200 million users. Add in the fact that it is free, fast, and has tons of useful and fun features beyond basic messaging, and it's easy to see why it is so popular.
But popularity does not necessarily mean it is secure or a good option for privacy-conscious users. As I showed above, there are many experts in the cryptography community that have raised doubts about Telegram's security. At the same time, the fact that end-to-end encryption is only available for Secret Chats and voice calls worries many of us.
Is Telegram right for you?
The answer to this question all comes down to your threat model and unique needs. Whatever you decide, keep these risks in mind and proceed with caution if you decide to use Telegram to connect with your acquaintances.
However, for those of us who place a high importance on privacy and security, there are other secure messaging services to consider. Check out Signal or Wire instead.
When compared to renowned instant messaging apps such as WhatsApp or Facebook Messenger, Telegram might seem like the underdog. However, the Russian platform is anything but with its user base of roughly 300 million. If you are not yet familiar with it, a few questions might be going through your mind right now. What is Telegram? Is it encrypted? How shady is its privacy policy? And, most importantly, is Telegram secure?
Worry not, as I will answer all of them and more in the following lines. As always, stay tuned until the end for some actionable advice on how to stay safe while using Telegram.
What is Telegram?
Telegram is a cloud-based instant messaging app that was launched back in 2013 and has gained quite a devoted user base since then. It was developed by Pavel and Nikolai Durov, two Russian brothers who are best known for creating the social networking platform VK (formerly VKontakte).
The app features a secret chat option with end-to-end encryption, as well as a regular chat variant that is encrypted in the Telegram Cloud. It is available on multiple mobile and desktop operating systems, namely iOS, macOS, Android, Windows Phone, Windows, and Linux.
What sets Telegram apart from the crowd is its popularity, especially among millennial and Gen Z users. Many of my friends use it and justify their choice by saying that it is more secure than other (Mark Zuckerberg-owned) instant messaging apps out there such as WhatsApp or Facebook Messenger.
However, that isn't necessarily the case. For example, all WhatsApp chats feature end-to-end encryption, as opposed to Telegram using it for its secret chats only. So, what accounts for its popularity? What does Telegram do that other similar apps don't? The answer lies within the app's MTProto Mobile Protocol, which I will discuss in the section below where you'll find out all there is to know about Telegram's encryption process.
Is Telegram Encrypted?
According to the official Telegram FAQ section, the app features two layers of secure encryption. Private and group cloud chats support server to client encryption, while secret chats benefit from client to client encryption. Every single bit of data is treated the same way in the process, which means that text, files, and media alike are encrypted equally.
Telegram encryption is based on 2048-bit RSA encryption, 256-bit symmetric AES encryption, and Diffie–Hellman secure key exchange. As per further info provided in the app's FAQ for the Technically Inclined:
All Telegram apps ensure that msg_key is equal to SHA-256 of a fragment of the auth_key concatenated with the decrypted message (including 12…1024 bytes of random padding). It is important that the plaintext always contains message length, server salt, session_id and other data not known to the attacker.
It is crucial that AES decryption keys depend both on msg_key, and on auth_key, known only to the parties involved in the exchange.
What is more, Telegram does not rely on a MAC-then-Encrypt, Encrypt-then-MAC, or MAC-and-Encrypt model, but rather on the aforementioned MTProto Mobile Protocol. In doing so, app developers obtain a faster and more thorough message verification process which allows for the safe and silent discarding of invalid or corrupted communications.
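The msg_key check quoted above can be sketched as follows; this is an added example, not code from the original article or from Telegram. The byte offsets and the field layout follow Telegram's published MTProto 2.0 description rather than anything on this page, the AES-256-IGE step that sits between sender and receiver is omitted because Python's standard library has no AES, and all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

# Decrypted MTProto 2.0 message: salt, session_id, msg_id (uint64 each),
# seq_no, data length (uint32 each), then data, then 12..1024 random bytes.
HEADER = struct.Struct("<QQQII")
CLIENT_TO_SERVER, SERVER_TO_CLIENT = 0, 8  # the direction offset "x" in the spec


def build_plaintext(salt, session_id, msg_id, seq_no, data):
    """Sender side: header + data + random padding, aligned to the AES block size."""
    body = HEADER.pack(salt, session_id, msg_id, seq_no, len(data)) + data
    pad_len = 12 + (-(len(body) + 12)) % 16  # smallest padding >= 12 that aligns to 16
    return body + os.urandom(pad_len)


def compute_msg_key(auth_key, padded_plaintext, x):
    """msg_key = middle 128 bits of SHA-256(auth_key fragment + padded plaintext)."""
    digest = hashlib.sha256(auth_key[88 + x:120 + x] + padded_plaintext).digest()
    return digest[8:24]


def derive_aes_key_iv(auth_key, msg_key, x):
    """AES key and IV depend on both msg_key and auth_key, as the FAQ quote requires."""
    a = hashlib.sha256(msg_key + auth_key[x:x + 36]).digest()
    b = hashlib.sha256(auth_key[40 + x:76 + x] + msg_key).digest()
    aes_key = a[:8] + b[8:24] + a[24:32]
    aes_iv = b[:8] + a[8:24] + b[24:32]
    return aes_key, aes_iv


def verify_and_parse(auth_key, received_msg_key, decrypted, session_id, x):
    """Receiver side, run on the output of decryption.

    Returns the message data, or None when the message must be silently discarded.
    """
    if len(decrypted) < HEADER.size + 12 or len(decrypted) % 16:
        return None
    expected = compute_msg_key(auth_key, decrypted, x)
    if not hmac.compare_digest(expected, received_msg_key):  # constant-time compare
        return None
    _salt, sid, _msg_id, _seq_no, length = HEADER.unpack_from(decrypted)
    padding = len(decrypted) - HEADER.size - length
    if sid != session_id or not 12 <= padding <= 1024:
        return None
    return decrypted[HEADER.size:HEADER.size + length]


if __name__ == "__main__":
    # Constructed sample values, not real keys or identifiers.
    auth_key = bytes(range(256))  # stands in for the 2048-bit shared auth_key
    session_id = 0x1122334455667788
    plaintext = build_plaintext(0xA1B2C3D4, session_id, 1, 1, b"hello")
    key = compute_msg_key(auth_key, plaintext, CLIENT_TO_SERVER)
    aes_key, aes_iv = derive_aes_key_iv(auth_key, key, CLIENT_TO_SERVER)
    print("msg_key:", key.hex())
    print("aes_key bytes:", len(aes_key), "aes_iv bytes:", len(aes_iv))

    # An untouched message is accepted.
    print("valid:", verify_and_parse(auth_key, key, plaintext, session_id, CLIENT_TO_SERVER))

    # One flipped bit in the decrypted data changes the recomputed msg_key.
    tampered = bytearray(plaintext)
    tampered[HEADER.size] ^= 0x01
    print("tampered:", verify_and_parse(auth_key, key, bytes(tampered), session_id, CLIENT_TO_SERVER))
```

Because the check runs on the decrypted plaintext, the receiver has to decrypt before it can authenticate, which is the property cryptographers contrast with Encrypt-then-MAC.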
Server-Client Encryption
How does Telegram work at its most elementary and general level? The layer of MTProto dealing with cloud chats that are based on server-client encryption consists of three independent components:
- High-level component, or API query language, which defines the process through which API queries and responses become binary messages.
- Cryptographic component, or authorization layer, which defines how messages are encrypted before going out towards the transport component.
- Transport component, which defines the way in which the client and the server transmit the messages using already-existing network protocols such as HTTP, HTTPS, UDP, TCP, and so on.
It is important to note at this point that MTProto applies to standard cloud chats on mobile devices only, and does not feature end-to-end encryption by default. This is a notable security concern regarding Telegram that I will get into more towards the end of this article.
Are you interested in the functioning of these methods from an even more technical standpoint? Have a look at the image attached below, which can be found in Telegram's official FAQ section. Check out their detailed description section for an in-depth explanation of the terminology that is used.
Image Source: Telegram
End-to-End Encryption
Telegram secret chats differ from standard ones because they are encrypted end-to-end. What does this mean for you, the user? Well, as per the app's FAQ, this entails that only the sender and the recipient can read the messages in a secret chat. Nobody else can decrypt them, including Telegram staff.
Messages from a secret chat cannot be forwarded, and all adjacent media can be set to self-destruct after a preset amount of time. What is more, if one participant deletes the chat, the other will be required to do so as well. This is allowed by the fact that secret conversations on Telegram are device-specific and not stored in the cloud. Therefore, it is implied that your data is safe as long as your mobile phone stays by your side.
For a more technical overview of the end-to-end encryption process utilized in secret chats, you can check out the image embedded below, as well as the dedicated section in the advanced Telegram FAQ.
Image Source: Telegram
Telegram Privacy Policy
It's no secret that the app has gained notoriety for its presumed superiority over other instant messaging apps. However, one look at its Privacy Policy will uncover that its approach is more or less the same as that of any other similar service.
What seems to concern other people I've seen write about the topic (such as Restore Privacy's Henrich Long) is the info provided under section 5 of the Telegram Privacy Policy, which is titled Processing Your Personal Data. When you accept it, Telegram reserves the right to do some things with your data that might raise concerns.
Here is a screenshot of the Telegram desktop app.
One drawback with the Telegram desktop app is that you won't have access to all the same features and capabilities that you do on your phone. However, if nothing else, the Desktop app will be a lifesaver in those times when you need to send long text messages.
Aside from using the Telegram desktop app, there is also a Telegram web client here. (Be sure to use a secure browser that respects your privacy when using web clients.)
Support
Telegram's support site takes the form of a hugeFAQ page. This page (seen below) links to an immense amount of helpful information about Telegram. While working on this Telegram review, I was able to find the answers to any questions that came up by searching the FAQ.
Of course, I can't guarantee that you will never need support from a live person. That shouldn't be a problem, as Telegram offers you several ways to get in touch with their support team. Instead of listing out all the options here, just go to the Support section of that huge Telegram FAQ page.
How secure and private is Telegram
Telegram has taken a beating over the years due to doubts about its security model. The concerns target two main areas: E2E encryption, and MTProto security. Let's examine each of these areas.
E2E encryption
The concern about Telegram's E2E encryption is that it is not applied by default. Most chats (Cloud chats) on Telegram are securely encrypted while in transit between your devices and Telegram's servers. Once chat messages arrive at the Telegram servers, they are encrypted using MTProto while at rest on the servers. However, Telegram can read chat data since it handles the encryption/decryption of messages at the servers. Other secure messaging services such as Signal, apply E2E encryption on all communications by default.
Telegram does support E2E encryption for two types of communications: Secret Chats, and voice calls. Secret Chats are chats that are not stored on Telegram servers, and are only accessible to the devices involved in the chat. Secret Chats should be as secure as MTProto, but users need to remember to turn them on.
Voice calls are automatically E2E encrypted, likewise making them as secure as MTProto allows.
MTProto security
MTProto is the custom mobile protocol designed by the Telegram team. While I am not qualified to comment on the security of the protocol, it has been criticized by numerous cryptography experts. Check out this Wikipedia link to get a better sense of the flak this protocol has taken over the years.
On the privacy front, Telegram can collect a decent amount of personal information, which it can keep for up to 12 months. According to their Privacy Policy, they, 'may collect metadata such as your IP address, devices and Telegram apps you've used, history of username changes, etc.' They may use aggregated metadata from you to help them create new features for the service.
Finally, the company has the ability to read any of your Cloud Chat messages to investigate spam and other violations of their Terms of Service. They may share some of your personal data with other Telegram users you choose to communicate with and companies within the Telegram Group. If forced by a court order, they may provide your IP address and mobile number to the appropriate authorities.
It would be wise to use Secret Chats and voice calls whenever you wish to share private information on Telegram.
Using a VPN with Telegram
As noted above, Telegram will record your IP address and keep it for up to 12 months. This links your identity up with your Telegram activity, chats, etc. Therefore you should take this into consideration based on your threat model and unique needs.
To hide your IP address when using Telegram, you can use a VPN. A VPN with Telegram will hide your IP address and location. Some of our top-recommended VPNs include NordVPN, which is based in Panama and ExpressVPN, based in the British Virgin Islands (with a three months free coupon).
Note: A VPN is not a silver bullet that hides all your metadata. However, it will securely encrypt traffic between your device and a VPN server, while also concealing your true location and IP address. See these best VPN services for more options and info.
Using Telegram without your real phone number
While we're on the topic of privacy, it's also important to note that Telegram requires a phone number to create an account. This is a verification step to prevent bots and spammers from mass-registering.
Verification happens via a text message or phone call, and then you enter the verification code to begin using the service. But here's the catch: you don't have to use your phone number.
There are many anonymous SMS services you can find online that allow you to receive text messages to digital numbers. There are both free and paid SMS services available (see disposable SMS), which you can find through a bit of research. You may have to try with a few different services and numbers before you can get a Telegram verification code to come through and work, but it will ensure your real phone number stays safe.
Telegram business features
Like its competitor Signal, Telegram Messenger is only available as a single, free version. There are no pricing tiers, no extra-cost features, and no business-specific features.
Telegram prices = free
As mentioned above, Telegram is 100% free of charge. The company has stated that if they run low on money, they might add some non-essential premium features, but as of now, there is only the one, free version.
Telegram review conclusion
Telegram is one of the most popular messaging apps in the world with over 200 million users. Add in the fact that it is free, fast, and has tons of useful and fun features beyond basic messaging, and it's easy to see why it is so popular.
But popularity does not necessarily mean it is secure or a good option for privacy-conscious users. As I showed above, there are many experts in the cryptography community that have raised doubts about Telegram's security. At the same time, the fact that end-to-end encryption is only available for Secret Chats and voice calls worries many of us.
Is Telegram right for you?
The answer to this question all comes down to your threat model and unique needs. Whatever you decide, keep these risks in mind and proceed with caution if you decide to use Telegram to connect with your acquaintances.
However, for those of us who place a high importance on privacy and security, there are other secure messaging services to consider. Check out Signal or Wire instead.
- Rating(2)
When compared to renowned instant messaging apps such as WhatsApp or Facebook Messenger, Telegram might seem like the underdog. However, the Russian platform is anything but with its user base of roughly 300 million. If you are not yet familiar with it, a few questions might be going through your mind right now. What is Telegram? Is it encrypted? How shady is its privacy policy? And, most importantly, is Telegram secure?
Worry not, as I will answer all of them and more in the following lines. As always, stay tuned until the end for some actionable advice on how to stay safe while using Telegram.
What is Telegram?
Telegram is a cloud-based instant messaging app that was launched back in 2013 and has gained quite a devoted user base since then. It was developed by Pavel and Nikolai Durov, two Russian brothers who are best known for creating the social networking platform VK (formerly VKontakte).
The app features a secret chat option with end-to-end encryption, as well as a regular chat variant that is encrypted in the Telegram Cloud. It is available on multiple mobile and desktop operating systems, namely iOS, macOS, Android, Windows Phone, Windows, and Linux.
What sets Telegram apart from the crowd is its popularity, especially among millennial and Gen Z users. Many of my friends use it and motivate their choice in doing so on the fact that it is more secure than other (Mark Zuckerberg-owned) instant messaging apps out there such as WhatsApp or Facebook Messenger.
However, that isn't necessarily the case. For example, all WhatsApp chats feature end-to-end encryption, as opposed to Telegram using it for its secret chats only. So, what accounts for its popularity? What does Telegram do that other similar apps don't? The answer lies within the app's MTProto Mobile Protocol, which I will discuss in the section below where you'll find out all there is to know about Telegram's encryption process.
Is Telegram Encrypted?
According to the official Telegram FAQ section, the app features two layers of secure encryption. Private and group cloud chats support server to client encryption, while secret chats benefit from client to client encryption. Every single bit of data is treated the same way in the process, which means that text, files, and media alike are encrypted equally.
Telegram encryption is based on 2048-bit RSA encryption, 256-bit symmetric AES encryption, and Diffie–Hellman secure key exchange. As per further info provided in the app's FAQ for the Technically Inclined,
All Telegram apps ensure that msg_key is equal to SHA-256 of a fragment of the auth_key concatenated with the decrypted message (including 12…1024 bytes of random padding). It is important that the plaintext always contains message length, server salt, session_id and other data not known to the attacker.
It is crucial that AES decryption keys depend both on msg_key, and on auth_key, known only to the parties involved in the exchange.
What is more, Telegram does not rely on a MAC-then-Encrypt, Encrypt-then-MAC, or MAC-and-Encrypt model, but rather on the aforementioned MTProto Mobile Protocol. In doing so, app developers obtain a faster and more thorough message verification process which allows for the safe and silent discarding of invalid or corrupted communications.
Server-Client Encryption
Free Download Telegram For Android
How does Telegram work at its most elementary and general level? The layer of MTProto dealing with cloud chats that are based on server-client encryption consists of three independent components:
- High-level component, or API query language, which defines the process through which API queries and responses become binary messages.
- Cryptographic component, or authorization layer, which defines how messages are encrypted before going out towards the transport component.
- Transport component, which defines the way in which the client and the server transmit the messages using already-existing network protocols such as HTTP, HTTPS, UDP, TCP, and so on.
It is important to note at this point that MTProto applies to standard cloud chats on mobile devices only, and does not feature end-to-end decryption by default. This is a notable security concern regarding Telegram that I will get into more towards the end of this article.
Are you interested in the functioning of these methods from an even more technical standpoint? Have a look at the image attached below, which can be found in Telegram's official FAQ section. Check out their detailed description section for an in-depth explanation of the terminology that is used.
Image Source: Telegram
End-to-End Encryption
Telegram secret chats differ from standard ones because they are encrypted end-to-end. What does this mean for you, the user? Well, as per the app's FAQ, this entails that only the sender and the recipient can read the messages in a secret chat. Nobody else can decrypt them, including Telegram staff.
Messages from a secret chat cannot be forwarded, and all adjacent media can be set to self-destruct after a preset amount of time. What is more, if one participant deletes the chat, the other will be required to do so as well. This is allowed by the fact that secret conversations on Telegram are device-specific and not stored in the cloud. Therefore, it is implied that your data is safe as long as your mobile phone stays by your side.
For a more technical overview of the end-to-end encryption process utilized in secret chats, you can check out the image embedded below, as well as the dedicated section in the advanced Telegram FAQ.
Image Source: Telegram
Telegram Privacy Policy
It's no secret that the app has gained notoriety for its presumed superiority over other instant messaging apps. However, one look at its Privacy Policy will uncover that its approach is more or less the same as that of any other similar service.
What seems to concern other people I've seen write about the topic (such as Restore Privacy's Heinrich Long) is the info provided under section 5 of the Telegram Privacy Policy, which is titled Processing Your Personal Data. By accepting it, you give Telegram the right to do some things with your data that might raise concerns.
How Does Telegram Process Personal Data?
First of all, Telegram's spam and abuse prevention procedure involves collecting information such as IP addresses, device details, history of username changes, and more. This data, if collected, is stored for a maximum of 12 months before being deleted. That gives malicious third parties plenty of time to access it, if you ask me.
Second of all, Telegram moderators are permitted to read standard chat messages that are flagged for spam and abuse to determine whether or not the allegation is accurate. While this is a commonsensical practice, it also means that other people can read what you write on there. Zoinks.
Finally, the app might also store aggregated metadata to better tailor your experience. For example, it calculates a rating based on who you message most often to create a personalized list of contacts that appear when you open the Search menu.
None of these three practices is unheard of in the digital world. However, users need to be aware of how their sensitive data is handled before sharing it on an app.
Who Does Telegram Share Your Data with?
Besides the other users you choose to communicate with over the app, Telegram specifies two more potential data destinations in section 8 of its Privacy Policy titled Who Your Personal Data May Be Shared With. Firstly, and obviously, Telegram shares the personal information of its users with its parent company and a group member which provides support for its services.
However (and you might not have seen this coming if you know the app's reputation), Telegram also reserves the right to disclose your IP address and phone number to the relevant authorities. This only happens if the company receives a court order stating that a user is suspected of terrorism. This has presumably never happened before, and if it does, it will be published in a transparency report.
So… Is Telegram Secure or Not?
Long story short, Telegram is indeed encrypted on multiple levels, which provides user data with an additional layer of security. And while its Privacy Policy might raise some red flags for those of us out there who crave true confidentiality, at the end of the day such stipulations are more than conventional in today's digital landscape.
All the technical details specified in the previous sections might sound impressive at first glance, but is Telegram safe in the true sense of the word? Or, is it at least safer than other instant messaging alternatives?
Telegram Security Features
One look at the section on security from Telegram's dedicated Wikipedia page will give you the answer to these questions, and the answer is no. In fact, Telegram's security model has been heavily criticized by cryptography experts over the years.
Some of the main issues cited by the Wiki include not making E2E encryption the default for all chats, as well as storing media, messages, and contacts in the same place as decryption keys. The app's proprietary MTProto Mobile Protocol has also been decried for containing unapproved and homebrewed cryptography that could potentially endanger the personally identifiable information stored on the platform.
Telegram's claim to fame that it is more secure than other mass-market instant messaging apps such as WhatsApp has been disproved by professionals in the field. As stated above, WhatsApp encrypts all traffic end-to-end by default and operates within the boundaries of the expert-reviewed and approved Signal Protocol. Telegram, as we've discussed, attains neither.
In addition to this, researchers from Aarhus University in Denmark demonstrated in 2015 that Telegram does not achieve authenticated encryption or indistinguishability under chosen-ciphertext attack. Pavel Durov has defended the app publicly on numerous occasions, but criticism has continued to arise regularly.
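To show what failing those two properties means in practice, here is an added example (not from the original article and not Telegram's code) that compares a toy scheme whose integrity tag covers only the plaintext with an encrypt-then-MAC scheme. The SHA-256 counter-mode cipher, the keys, the message layout and the sample message are all assumptions constructed for the illustration; this is not MTProto.

```python
import hashlib, hmac, os

def keystream(ek, nonce, n):
    # Toy stream cipher (SHA-256 in counter mode); stands in for a real cipher.
    blocks = (hashlib.sha256(ek + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def mac(mk, data):
    return hmac.new(mk, data, hashlib.sha256).digest()

def seal(ek, mk, msg, cover_ciphertext):
    body = len(msg).to_bytes(2, "big") + msg
    body += os.urandom(16 - len(body) % 16)        # 1..16 bytes of random padding
    nonce = os.urandom(8)
    ct = xor(body, keystream(ek, nonce, len(body)))
    # Weak mode: tag covers nonce + message only, so padding is unauthenticated.
    # Strong mode (encrypt-then-MAC): tag covers nonce + every ciphertext byte.
    tag = mac(mk, nonce + (ct if cover_ciphertext else msg))
    return nonce + tag + ct

def unseal(ek, mk, blob, cover_ciphertext):
    nonce, tag, ct = blob[:8], blob[8:40], blob[40:]
    body = xor(ct, keystream(ek, nonce, len(ct)))
    msg = body[2:2 + int.from_bytes(body[:2], "big")]
    expected = mac(mk, nonce + (ct if cover_ciphertext else msg))
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return msg

def decrypt_modified(cover_ciphertext):
    ek, mk = os.urandom(32), os.urandom(32)        # constructed keys
    msg = b"meet at 09:00"                         # constructed sample message
    blob = seal(ek, mk, msg, cover_ciphertext)
    # The last byte is always padding: flip one bit to get a *different*
    # ciphertext. In the IND-CCA game the decryption oracle must answer for
    # any ciphertext other than the challenge, so acceptance here means the
    # challenge plaintext is handed back and the game is lost.
    modified = blob[:-1] + bytes([blob[-1] ^ 1])
    try:
        return unseal(ek, mk, modified, cover_ciphertext)
    except ValueError:
        return None

if __name__ == "__main__":
    print("tag over plaintext only:", decrypt_modified(False))
    print("encrypt-then-MAC:       ", decrypt_modified(True))
```

The scheme whose tag covers only the plaintext accepts the modified ciphertext, while the encrypt-then-MAC scheme rejects it. That rejection is the property authenticated encryption provides.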
Telegram Security Breaches
This being said, is Telegram secure in the face of cyberattacks at least? The answer is still no. In fact, the app has fallen victim to plenty of breaches in recent years, the most notable of which I will briefly enumerate below.
On June 13, 2019, during the Hong Kong protests, Telegram suffered a denial-of-service attack performed by IP addresses linked to mainland China.
On March 30, 2020, a public ElasticSearch database containing the information of 42 million Iranian Telegram users was found on the Web. The app has been completely banned in the country since May 2018. This was just one of the numerous security breaches involving Iran on Telegram.
On October 19, 2020, hackers with access to the Signaling System 7, or SS7 for short, gained access to Telegram messenger. SS7 is used for linking mobile networks across the globe.
Minimizing the Cybersecurity Risks Associated with Telegram
To sum up the discussion thus far, Telegram is an instant messaging app that employs a custom encryption protocol known as MTProto. This has been heavily criticized by some experts over time, among other questionable approaches the app has taken. Plus, Telegram is no stranger to security breaches, especially over the last year or so.
However, there are many reasons you might still want to use it. Although E2E encryption is not its default, having the option to choose between regular and secret chats has a certain charm. And it's not as if the alternative doesn't exist at all.
Furthermore, Telegram is GDPR-compliant and supports two-step authentication. Its custom protocol makes it a favorite among tech enthusiasts thanks to its open-source model. Plus, you can add your own stickers. All in all, I'm not saying you should skip out on it entirely. Nevertheless, if you do choose to communicate on it, here are a few things you should consider from case to case.
Telegram for Home Users
Telegram comes in both mobile and desktop variants, and the latter is pretty well-optimized too. However, if you recall what I mentioned eons ago at the beginning of this article, the MTProto Mobile Protocol applies to chats stored on mobile devices only. It's right there in the name, actually. But what does this mean for you, a home user?
It means that, unfortunately, there is no secret chats option on desktop, and thus no end-to-end encryption. In October of 2018, BleepingComputer reported that Telegram Desktop stores chats locally in plain text files. These are not encrypted in any way, and thus easily readable and accessible to malicious third parties that might infiltrate your machine.
Therefore, my recommendation is to protect your devices on all fronts. Heimdal Security's very own Thor Foresight Home can help you with that. Its proprietary DarkLayer Guard™ & VectorN Detection is optimized for both mobile and desktop devices by filtering traffic at the level of the Domain Name System and impeding any malicious communications.
As an extra treat for desktop users, Thor Foresight Home also integrates the X-Ploit Resilience patch management software. XPR deploys relevant patches and updates within hours of their release, ensuring that all your device's vulnerabilities are closed for good.
Telegram for Business
Are you already using Telegram to increase your company's visibility, or are you at least considering it? According to the MailUp Blog, the instant messaging app might just be that additional marketing channel you have been looking for.
Although Telegram does not have a designated Business model in the same way as WhatsApp or Skype do, it can still be used for corporate purposes. It is a great medium for both internal and external communications, as well as customer care.
Nonetheless, you've ideally read everything I've had to say about the app thus far. Telegram is not entirely secure, especially when you're using it for business. This is why I recommend going the extra mile and using a cybersecurity solution such as Thor Foresight Enterprise in tandem with the instant messaging app.
In a similar way to its Home counterpart, Thor Foresight Enterprise blocks cyberattacks before they even reach your company's endpoints, servers, or network. And while DarkLayer Guard stops ransomware and other unknown threats at the layers of the DNS, HTTP, and HTTPS, X-Ploit Resilience patches over 85% of vulnerabilities to ensure the complete security of your systems.
Telegram for Journalists
Telegram's preponderantly young audience, convenient format, high engagement rates, and privacy settings helped it become a favorite among journalists. But while the benefits of using Telegram for various news-related purposes are undeniable, I strongly advise you to double-check the app's Privacy Policy regularly if you are a journalist.
The story so far is that the app might share your information with authorities if requested. Plus, its bulletproof image relies more on clever marketing than on actual technical superiority. Choose what you share on it carefully.
One Last Thing Before You Go…
So, is Telegram secure? No, or at least not to the degree it likes to present itself to be. Nonetheless, it has its advantages as an instant messaging app and can become a great business asset as well. If you take the right security precautions beforehand, Telegram with its user base of 300 million is a place where you can connect with friends, family, customers, leads, or anyone and everyone else.
Are you an active Telegram user? What are your thoughts on its security features and privacy policy? Let me know in the comment section below. I'd love to read all about your opinions!