We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Is Telegram Safe To Use in 2024? Privacy Analysis

Husain Parvez Updated on 2nd December 2024 Fact-checked by Ryan Jones Cybersecurity Researcher

Telegram is a popular messaging app that’s supposed to support private communication. But, according to its recent policy updates, the platform can now share users' phone numbers and IP addresses with authorities in some situations.

Aside from this worrying development, there are several other potential safety issues with Telegram too. That’s why it’s crucial to understand how to safeguard your data when using the platform.

One thing Telegram brags about is that its robust encryption can protect you from hackers and cyber threats while using the app. This is a very bold claim so I decided to perform my own tests on the security and privacy features the app uses to keep your messages safe. Read on to find out whether Telegram is trustworthy and what you can do to enhance security while using it.

Short on Time? Here’s How to Safely Use Telegram in 2024

  1. Use a VPN — VPN encryption and IP masking prevent third-party monitoring and tracking on Telegram.
  2. Enable 2FA — Two-step verification requires a password and SMS to log in to your Telegram account.
  3. Use Secret Chats — Self-destructing messages on Telegram use end-to-end encryption for improved safety.
  4. Hide your contacts — Limit your Telegram phone number visibility to only people in your contacts.
  5. Set up a local passcode— Customize security on Telegram by enabling passcode and fingerprint sign-in.

See 3 More Ways to Be Safe on Telegram

Pro Tip: Use a No-Logs VPN to Keep Your Telegram Activity Private

Choosing a privacy-friendly VPN to use with Telegram is highly recommended because some services may collect your activity data. Check our selection of the the best no-logs VPNs you can use with messaging apps.

Vendor Logo of ExpressVPN
Military-Grade Security Features
DEAL: Save 82% + 30-day money-back guarantee
Editor's Choice for Security
Our Score: 10.0
High-level encryption keeps you safe online
Verified to not collect or share data

Editor's Note: Transparency is one of our core values at vpnMentor, so you should know we are in the same ownership group as ExpressVPN. However, this does not affect our review process.

Telegram’s Security Features

Telegram is known for its various security measures and it’s important to look at every distinct feature. This helps you make an informed decision about whether Telegram's level of protection aligns with your privacy expectations. Some of the key safety measures include:

  • Secret Chats. These chats use end-to-end (E2E) encryption, ensuring that only the sender and the intended recipient can read the messages. That means even Telegram themselves can’t decipher these messages. Secret Chats aren’t stored on Telegram's servers, and your communications can be configured to be automatically deleted after a set time.
  • Encrypted voice and video calls. Telegram offers encrypted calls. These calls also use E2E encryption, similar to Secret Chats. Only the caller and the recipient will have access to the call — the encryption ensures that no one else can listen in. Encryption is verified by 4 emojis; if both you and the other person on the call see the same emojis, you’ll know the call is fully encrypted.
  • Encrypted cloud storage. Telegram uses client-server encryption for all data stored in its cloud storage. This means your data is encrypted when it’s in transit between your device and Telegram's servers, and it remains encrypted while stored on their servers.
  • Two-step verification. By default, there is no password on your account — you just need to input a temporary code sent to your mobile device to log in. When two-step verification is enabled, it requires you to input a password in addition to the SMS code. This additional step makes it significantly more difficult for anyone to gain unauthorized access to your account.
  • Passcodes and fingerprint locks. To protect your app from unauthorized physical access, you can set up a local passcode or a fingerprint lock on Telegram. This means that even if someone has access to your device, they won’t be able to compromise your Telegram account.
  • Account self-destruct. If you want to stop using Telegram, the app features a self-destruct mechanism. After a certain period of inactivity (which you can set), your account will be automatically deleted — along with all data, messages, and associated media.
  • Anti-phishing features. Telegram has mechanisms in place to counter phishing attempts. It uses bots and machine learning algorithms to detect and block accounts that are suspected of malicious activities such as spamming or phishing.
  • MTProto protocol. Telegram uses its own encryption protocol called MTProto. While it has faced criticism due to its lack of independent audits, the company claims the protocol is continuously updated and improved to address potential security threats.
  • Private read receipts. Like WhatsApp, Telegram messages have read receipts (indicated by the same double tick next to a message). However, unlike WhatsApp, Telegram doesn’t show you who read the message. That means — in a group chat — no one can see if you read or didn’t read their latest communication. Unfortunately, Telegram offers no way to turn off read receipts totally.

Taken together, these features represent a robust effort on Telegram’s part to ensure the security and privacy of its users. However, as with any digital platform, the level of security you experience ultimately depends on how you use these features and safeguards. It’s also essential to use a strong and unique password for your Telegram account.

Safety and Privacy Risks of Using Telegram

Despite the security measures, there are aspects of Telegram that pose potential risks. The major concern is that the platform has pledged to share user information with authorities if requested. Plus, Telegram’s regular chats aren’t E2E encrypted by default. The encryption protocol it does use for Secret Chats hasn’t been tested as extensively as some other protocols, leaving experts skeptical of its reliability.

To ensure you're aware of these risks, let's dissect some of the key concerns:

  • Data leaks. In the past, there has been an instance of a data breach affecting Telegram. In 2020, the phone numbers and unique IDs of millions of Telegram users were reportedly accessed via a vulnerability and then exposed in a darknet forum. While most of the data leaked was outdated, and passwords and messages were not compromised, this still raises concerns about the app’s data protection practices.
  • Hacker target. Due to its increasing popularity and perceived security, Telegram has become a prime target for hackers. Cybercriminals often try to exploit potential vulnerabilities in the app, conduct phishing attacks, commit financial or crypto fraud, or use social engineering tactics to steal user data.
  • Default encryption and access to user data. Your standard messages don’t use E2E encryption by default. Instead, these chats are client-server encrypted. While your data is encrypted both during transit and while it's stored on their servers, Telegram retains the encryption keys. This means that Telegram or any malicious actor with access to these keys could decrypt and access your messages. Other private messaging apps like Signal, WhatsApp, Wire, and Threema use E2E encryption by default.
  • Privacy policy ambiguities. Telegram's privacy policy states that it stores identifying user metadata — like your IP address, phone number, location data, and any unencrypted messages and media — for "as long as it’s necessary for Telegram to function." This vague language leaves a lot of room for interpretation and also questions about what they do with that information.
  • New policy on data sharing. Unlike in the past when Telegram was adamant that it never shared its users’ sensitive information, the platform can now hand over crucial data, including IP addresses and phone numbers to authorities and governments. While currently this can only happen if a court order is issued (for example, in criminal cases), this sets a worrying precedent. Especially considering how much of your data the app logs.
  • MTProto protocol controversy. Telegram uses a homegrown encryption protocol called MTProto. While the company states that it’s secure, MTProto isn’t open source, so it hasn’t been as extensively audited as other more established protocols (for example, Signal’s protocol or WhatsApp’s implementation of the Open Whisper Systems protocol). Due to this, cybersecurity experts have expressed concerns about potential hidden vulnerabilities.
  • Potential exposure in group chats. If you engage in a group chat, members who aren’t on your contact list may still be able to see your phone number. This can expose your personal information to strangers or third parties, leading to potential privacy breaches. The Secret Chat option is also not available for group messages, meaning you can’t have an encrypted group chat like you can with WhatsApp.
  • Contact syncing. When you install Telegram, it requests access to your phone's contacts. This is so you can connect with people you know who are also using Telegram. However, this could potentially expose your entire contact list to Telegram, a significant concern for those who value their contact privacy.

In light of these risks, it's crucial to understand that — while Telegram does offer a lot of robust features for security-conscious users — it’s not safe from potential cyber threats. As with any platform, it's important to stay informed and take appropriate measures to protect your data.

Important: Telegram is also often used for cybercrime. For example, hackers use Telegram to share or sell user data. The data includes anything from account information to sensitive messages and private photos, which are then used to blackmail, run online frauds, take over accounts, and perform cyber attacks.

How To Use Telegram Safely

While Telegram provides various security features, it's equally essential for users to know how to leverage these features effectively. Here are some practical steps you can take to ensure your use of Telegram aligns with best practices for digital safety and privacy:

1. Enhance Security on Telegram Using a VPN

A virtual private network (VPN) can protect you from privacy intrusion and cyber attacks when using Telegram. It encrypts your traffic and masks your real IP address, preventing third parties (including Telegram, WiFi administrators, and ISPs) from collecting your sensitive data while using the platform. Also, a VPN can help in the case of a data breach or hack on Telegram where user information, including IP addresses, could potentially be obtained.

Telegram doesn’t use end-to-end encryption for regular chats (unless you enable Secret Shats), which leaves your sensitive communications exposed. Plus, the encryption it uses isn’t open source, so there isn’t any way to confirm it's trustworthy or reliable against sophisticated cyber attacks or surveillance. Good VPNs use high-level encryption automatically, keeping your Telegram activity private and safe.

Here’s how to use a VPN with Telegram:

  1. Select a reputable VPN service that offers strong encryption, a no-logs policy, and a wide range of servers, like ExpressVPN.
  2. Download and install the VPN app on your device and create an account if necessary.
  3. Open the VPN app and connect to a secure server in a location where Telegram works.
  4. Keep the VPN active and running while using Telegram to ensure your IP remains hidden and your communications are encrypted.
Vendor Logo of ExpressVPN
Easy-To-Use Apps Suitable for Beginners
DEAL: Save 82% + 30-day money-back guarantee
Editor's Choice for Ease Of Use
Our Score: 10.0
User-friendly interface to connect in seconds
Immediate responses from 24/7 customer support
Important: A VPN should only be used to enhance privacy and security on Telegram. My team and I do not condone using a VPN for criminal activities or breaking the platform’s T&Cs. Make sure you understand the laws and regulations where you are to avoid any legal issues.

2. Enable Two-Step Verification

2FA (or what Telegram calls Two-Step Verification) adds an extra layer of security to your account by requiring a password in addition to the code you receive via SMS when logging in. Here’s how you can use it on Telegram:

Step 1. Open the Telegram app and click on the menu icon (three lines in the top-left corner).

Step 2. Click on Settings and then Privacy and Security.

Screenshot of Telegram's settings panelYou can configure 2FA, set up a local password or fingerprint unlock, and more

Step 3. Scroll down to find the Two-Step Verification option and click on it.

Step 4. Set up a strong password and recovery email. Make sure your email is secure, as it can be used to reset your password.

Screenshot of Telegram's 2FA settingsI’d recommend using a password generator to create a strong password

3. Use Secret Chats for Sensitive Conversations

Secret chats provide end-to-end encryption and aren’t stored on Telegram's servers. There’s also a self-destruct timer for messages. Here’s how to use these features:

Step 1. To start a secret chat, click on the pencil icon (bottom-right corner) to start a new message.

Step 2. Instead of clicking New Group or New Contact, click on New Secret Chat.

Step 3. Then select the contact with whom you want to start the secret chat.

Screenshot of Telegram's Secret Chat interfaceTelegram thankfully lets you start a secure conversation in just a few clicks

4. Limit Who Can See Your Phone Number

By default, your Telegram contacts can see your phone number. But you can change this by going to the privacy and security settings. It’s possible to limit phone number visibility to just your contacts, or you can even make it entirely invisible to everybody.

Pro tip: If you want to be completely safe, you can sign up for Telegram with a secondary phone number by using an extra SIM card. This ensures that if there is another data breach that compromises the phone numbers of users, your actual phone number won’t be affected.

Step 1. Open the app, go to Settings, and select the Privacy and Security tab.

Step 2. Under Privacy, click on the Phone Number option.

Step 3. You’ll see 3 options — Everybody, My Contacts, and Nobody (highly recommended). Choose the one that suits you best.

Screenshot of Telegram's Phone Number settingsYou can also make it so people can’t look you up if they aren’t already a contact

5. Set Up a Local Passcode or Fingerprint Lock

In the privacy and security settings, you can enable a Passcode Lock. This means you would need to enter a 4-digit code or use your fingerprint to access your Telegram account. It provides an extra layer of security if someone gets hold of your device.

Step 1. Go to Settings and the Privacy and Security tab.

Step 2. Scroll down to find Passcode Lock. Enable it and set up a passcode.

Screenshot of Telegram's Password Lock settingsYou can also ensure Telegram content is blurred when switching between open apps on mobile

Step 3. If your phone has a fingerprint sensor and you want to use it, toggle on the Unlock with Fingerprint option.

6. Regularly Clear Your History

To protect your data from potential breaches, it's a good idea to routinely clear your chat history — especially if it contains sensitive information. This option can be found in the settings of individual chats.

Step 1. Open a chat you want to clear.

Step 2. Tap on the 3-dot menu at the top-right corner to open the options panel.

Step 3. Click on the Clear History button to delete any chat history. Confirm your choice if asked.

Screenshot of Telegram's chat interfaceThe clear history button clears all previous chats, including any pinned messages

While we’re at it, you can also clear your financial and address information if you’ve previously paid for Telegram Premium by going to Settings > Privacy and Security > Clear Payment and Shipping Info.

It can also be good housekeeping to disable active Telegram sessions on any other devices you’re not currently using. To do this, go to Settings > Privacy and Security > Devices > Terminate all other sessions.

7. Set Account to Self-Destruct

While it sounds dramatic, it can be a good idea to configure the self-destruct setting to delete your account after a specified period of inactivity. This will ensure that all your data, including chats and media, are automatically deleted from Telegram's servers if you ever stop using the app.

Step 1. Go to Settings and click on the Privacy and Security tab.

Step 2. Scroll down to find Delete My Account If Away For. Click on it and set your preferred duration.

Screenshot of Telegram's self-destruct settingsA month is the minimum inactivity period, while a year is the maximum

8. Be Aware of Scams and Phishing Attempts

Always be cautious when interacting with unknown users or clicking on links sent by strangers on Telegram. Plus, avoid sharing sensitive information unless you're certain about the recipient's identity and that the conversation is secure.

By following these guidelines, you can significantly improve your security and privacy while using Telegram. Always remember that while technology can provide tools for security, what’s most important is our awareness and proactive behavior in using these tools effectively.

Pro Tip: While Telegram is primarily designed for safe communication, it has seen its fair share of security concerns. If you’re looking for a safer alternative, check out our top secure messaging apps.

Best VPNs for Telegram in 2024

  1. ExpressVPN — Solid encryption with advanced Threat Manager for unbeatable protection on Telegram.
  2. CyberGhost — Smart rules feature enables you to set the VPN to automatically connect when accessing Telegram.
  3. Private Internet Access — MACE security suite blocks trackers from secretly collecting your data on Telegram.

Editor's Note: We value our relationship with our readers, and we strive to earn your trust through transparency and integrity. We are in the same ownership group as some of the industry-leading products reviewed on this site: Intego, Cyberghost, ExpressVPN, and Private Internet Access. However, this does not affect our review process, as we adhere to a strict testing methodology.

FAQs on Using Telegram Safely

Is Telegram a Russian app?

While Telegram was founded by Russian brothers, it’s officially incorporated in Dubai and the British Virgin Islands — and its team is spread worldwide. That said, the app still comes with some security risks you should be aware of.

Telegram’s founders, Nikolai and Pavel Durov, actually fled Russia in 2014 after refusing to give the Russian government user data from their first social network, VK (VKontakte). Telegram was also blocked in Russia in 2018 for the same reason. However, it should be noted that the Russian ban was subsequently lifted when Telegram agreed to "counter terrorism and extremism" on the app — which could be interpreted as agreeing to cooperate with authorities.

Can Telegram users see my phone number?

It depends on your settings — by default, generally only users who you've added to your contacts can see your phone number on Telegram. That said, if you engage in a group chat with members that aren't on your contact list, they might be able to see your number. So, make sure you manually configure your Telegram settings to limit who can see your phone number.

Another factor to bear in mind is that your device contacts who are already on Telegram will be notified when you join. This notification displays your name as it’s stored in your contacts’ devices, rather than your chosen Telegram username — which could affect your privacy.

Is Telegram safer than WhatsApp?

WhatsApp employs end-to-end encryption for all conversations by default, unlike Telegram, which only uses it for secret chats. However, each app has its pros and cons when it comes to safety and privacy. Telegram protects your messages with 2FA, passcode and fingerprint locks, and self-destruct messages.

It’s important to note that no messaging app is completely impervious to security threats. So, it's recommended to analyze all security and privacy features of any given messaging app to ensure it lives up to your expectations.

Is Telegram encrypted?

Yes, Telegram does use encryption. All chats are encrypted, but only Secret Chats use end-to-end encryption. I highly recommend using the Secret Chat feature for any conversation that involves sensitive information.

Can Telegram be traced?

Messages on Secret Chats can’t be traced but regular chats aren’t completely private. This is because Secret Chats use E2E encryption, but regular chats are only client-server encrypted — and Telegram holds the keys. So, normal chats could be traced or allow Telegram to monitor and archive the contents. Telegram claims that your activity isn’t tracked or monitored. However, this claim hasn’t been independently verified.

Wrapping Up

While Telegram does have its security drawbacks, it’s generally safe for casual use. As with any platform, the level of safety significantly depends on how you use it. The app comes with robust security features such as secret chats with end-to-end encryption, 2FA, and anti-phishing protections. So, it’s a relatively safe messaging app. That said, regular chats could be accessed by Telegram and the company has suffered from data branches in the past.

If you adhere to the recommended steps for enhancing your overall security and understand its limitations, you should be able to use Telegram without major concerns. Just stay informed about potential threats, keep your security settings updated accordingly, and avoid sharing sensitive data with unknown contacts. By doing so, you can keep your messaging private and secure from bad actors on the internet.

Privacy Alert!

Your data is exposed to the websites you visit!

Your IP Address:

Your Location:

Your Internet Provider:

The information above can be used to track you, target you for ads, and monitor what you do online.

VPNs can help you hide this information from websites so that you are protected at all times. We recommend ExpressVPN — the #1 VPN out of over 350 providers we've tested. It has military-grade encryption and privacy features that will ensure your digital security, plus — it's currently offering 82% off.

Visit ExpressVPN

We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address