Is Telegram Secure
Telegram is an online messaging app founded by Russian Pavel Durov, who is also behind Russia’s largest social network VKontakte (VK). Telegram is considered WhatsApp’s biggest competitor with 500 million active users. This app had an increase of 25% in less than a year. In fact, Telegram’s user base has been growing at a rate of more than 40% each year since its launch in 2013. Telegram offers a wide range of features to its users such as unlimited server storage, channels, searchable username, secret chat, bots and a capacity of 200,000 members in a group. Although, one of the main reasons users love Telegram is its security.
According to the official Telegram FAQ section, the app features two layers of secure encryption. Private and group cloud chats support server to client encryption, while secret chat benefits from client-to-client encryption. Every single bit of data is treated the same way in the process, which means that text, files and media alike are encrypted equally. Telegram encryption is based on 2048-bit RSA encryption, 256-bit symmetric AES encryption, and Diffie–Hellman secure key exchange. It also does not rely on a MAC-then-Encrypt, Encrypt-then-MAC, or MAC-and-Encrypt model, but rather on the aforementioned MTProto Mobile Protocol. This enables the app developers to obtain a faster and more thorough message verification process which allows for the safe and silent discarding of invalid or corrupted communications.
Telegram also offers the secret chat feature which is an encrypted end-to-end type of chat. According to the app’s FAQ, only the sender and the recipient can read the messages in a secret chat; meaning that nobody else can decrypt them, including Telegram staff.
Although a lot of people claim Telegram is a safe and secure messaging app, there are opposing opinions there too. Telegram’s security model has been criticized by many cryptography experts over the years. These experts bring up issues such as Telegram not making E2E encryption the default for all chats, storing media, messages and contacts in the same place as decryption keys and the app’s proprietary MTPorto Mobile Protocol containing unapproved and homebrewed cryptography which could endanger the personal information on the platform.
Telegram does not hold a good reputation against cyberattacks either. Plenty of breaches happened in the recent years. For example, on March 30, 2020, a public ElasticSearch database which contained the information of 42 million Iranian Telegram users was found on the internet.