Is Telegram Safe to Use in 2024? Privacy and Security Analysis

Telegram is a popular messaging app that’s supposed to support private communication. But is Telegram safe to use for conversations and sending photos? Secure communication has never been more necessary, so it's crucial to understand how Telegram protects your data.

Telegram claims that its app offers robust encryption, has messages that can self-destruct, and that it keeps your data protected from hackers and cyber threats. However, other social media apps — like WhatsApp, Reddit, and Instagram — have made similar claims, only to leave your data vulnerable to leaks or snooping. So, is Telegram the same?

I decided to run in-depth tests and look at the security and privacy features that Telegram has set in place to keep your messages safe. This guide offers you a complete review of Telegram’s overall security and any potential concerns — so you can make an informed decision about whether you should be using it.

Telegram’s Security Features

Telegram is known for its various security measures and it’s important to look at every distinct feature. This helps you make an informed decision about whether Telegram's level of protection aligns with your privacy expectations. Some of the key safety measures include:

• Secret Chats. These chats use end-to-end (E2E) encryption, ensuring that only the sender and the intended recipient can read the messages. That means even Telegram themselves can’t decipher these messages. Secret Chats aren’t stored on Telegram's servers, and your communications can be configured to be automatically deleted after a set time.
• Encrypted voice and video calls. Telegram offers encrypted calls. These calls also use E2E encryption, similar to Secret Chats. Only the caller and the recipient will have access to the call — the encryption ensures that no one else can listen in. Encryption is verified by 4 emojis; if both you and the other person on the call see the same emojis, you’ll know the call is fully encrypted.
• Encrypted cloud storage. Telegram uses client-server encryption for all data stored in its cloud storage. This means your data is encrypted when it’s in transit between your device and Telegram's servers, and it remains encrypted while stored on their servers.
• Two-step verification. By default, there is no password on your account — you just need to input a temporary code sent to your mobile device to log in. When two-step verification is enabled, it requires you to input a password in addition to the SMS code. This additional step makes it significantly more difficult for anyone to gain unauthorized access to your account.
• Passcodes and fingerprint locks. To protect your app from unauthorized physical access, you can set up a local passcode or a fingerprint lock on Telegram. This means that even if someone has access to your device, they won’t be able to compromise your Telegram account.
• Account self-destruct. If you want to stop using Telegram, the app features a self-destruct mechanism. After a certain period of inactivity (which you can set), your account will be automatically deleted — along with all data, messages, and associated media.
• Anti-phishing features. Telegram has mechanisms in place to counter phishing attempts. It uses bots and machine learning algorithms to detect and block accounts that are suspected of malicious activities such as spamming or phishing.
• MTProto protocol. Telegram uses its own encryption protocol called MTProto. While it has faced criticism due to its lack of independent audits, the company claims the protocol is continuously updated and improved to address potential security threats.
• Private read receipts. Like WhatsApp, Telegram messages have read receipts (indicated by the same double tick next to a message). However, unlike WhatsApp, Telegram doesn’t show you who read the message. That means — in a group chat — no one can see if you read or didn’t read their latest communication. Unfortunately, Telegram offers no way to turn off read receipts totally.

Taken together, these features represent a robust effort on Telegram’s part to ensure the security and privacy of its users. However, as with any digital platform, the level of security you experience ultimately depends on how you use these features and safeguards. It’s also essential to use a strong and unique password for your Telegram account.

Safety and Privacy Risks of Using Telegram

Despite the security measures, there are aspects of Telegram that pose potential risks. The major concern is that its regular chats aren’t E2E encrypted by default. Plus, Telegram's encryption protocol hasn’t been tested as extensively as some other protocols, leaving some experts skeptical of its reliability.

To ensure you're aware of these risks, let's dissect some of the key concerns:

• Data leaks. In the past, there has been an instance of a data breach affecting Telegram. In 2020, the phone numbers and unique IDs of millions of Telegram users were reportedly accessed via a vulnerability and then exposed in a darknet forum. While most of the data leaked was outdated, and passwords and messages were not compromised, this still raises concerns about the app’s data protection practices.
• Hacker target. Due to its increasing popularity and perceived security, Telegram has become a prime target for hackers. Cybercriminals often try to exploit potential vulnerabilities in the app, conduct phishing attacks, commit financial or crypto fraud, or use social engineering tactics to steal user data.
• Default encryption and access to user data. Your standard messages don’t use E2E encryption by default. Instead, these chats are client-server encrypted. While your data is encrypted both during transit and while it's stored on their servers, Telegram retains the encryption keys. This means that Telegram or any malicious actor with access to these keys could decrypt and access your messages. Other private messaging apps like Signal, WhatsApp, Wire, and Threema use E2E encryption by default.
• Privacy policy ambiguities. Telegram's privacy policy states that it stores identifying user metadata — like your IP address, phone number, location data, and any unencrypted messages and media — for "as long as it’s necessary for Telegram to function." This vague language leaves a lot of room for interpretation. It’s doubly concerning as Telegram has shared user data with authorities and governments in the past.
• MTProto protocol controversy. Telegram uses a homegrown encryption protocol called MTProto. While the company states that it’s secure, MTProto isn’t open source, so it hasn’t been as extensively audited as other more established protocols (for example, Signal’s protocol or WhatsApp’s implementation of the Open Whisper Systems protocol). Due to this, cybersecurity experts have expressed concerns about potential hidden vulnerabilities.
• Potential exposure in group chats. If you engage in a group chat, members who aren’t on your contact list may still be able to see your phone number. This can expose your personal information to strangers or third parties, leading to potential privacy breaches. The Secret Chat option is also not available for group messages, meaning you can’t have an encrypted group chat like you can with WhatsApp.
• Contact syncing. When you install Telegram, it requests access to your phone's contacts. This is so you can connect with people you know who are also using Telegram. However, this could potentially expose your entire contact list to Telegram, a significant concern for those who value their contact privacy.

In light of these risks, it's crucial to understand that — while Telegram does offer robust features for security-conscious users — it’s not safe from potential cyber threats. As with any platform, it's important to stay informed and take appropriate measures to protect your data.

How To Use Telegram Safely

While Telegram provides various security features, it's equally essential for users to know how to leverage these features effectively. Here are some practical steps you can take to ensure your use of Telegram aligns with best practices for digital safety and privacy:

1. Enable Two-Step Verification

2FA (or what Telegram calls Two-Step Verification) adds an extra layer of security to your account by requiring a password in addition to the code you receive via SMS when logging in. Here’s how you can use it on Telegram:

Step 1. Open the Telegram app and click on the menu icon (three lines in the top-left corner).

Step 2. Click on Settings and then Privacy and Security.

You can configure 2FA, set up a local password or fingerprint unlock, and more

Step 3. Scroll down to find the Two-Step Verification option and click on it.

Step 4. Set up a strong password and recovery email. Make sure your email is secure, as it can be used to reset your password.

I’d recommend using a password generator to create a strong password

2. Use Secret Chats for Sensitive Conversations

Secret chats provide end-to-end encryption and aren’t stored on Telegram's servers. There’s also a self-destruct timer for messages. Here’s how to use these features:

Step 1. To start a secret chat, click on the pencil icon (bottom-right corner) to start a new message.

Step 2. Instead of clicking New Group or New Contact, click on New Secret Chat.

Step 3. Then select the contact with whom you want to start the secret chat.

Telegram thankfully lets you start a secure conversation in just a few clicks

3. Limit Who Can See Your Phone Number

By default, your Telegram contacts can see your phone number. But you can change this by going to the privacy and security settings. It’s possible to limit phone number visibility to just your contacts, or you can even make it entirely invisible to everybody.

Step 1. Open the app, go to Settings, and select the Privacy and Security tab.

Step 2. Under Privacy, click on the Phone Number option.

Step 3. You’ll see 3 options — Everybody, My Contacts, and Nobody (highly recommended). Choose the one that suits you best.

You can also make it so people can’t look you up if they aren’t already a contact

4. Set Up a Local Passcode or Fingerprint Lock

In the privacy and security settings, you can enable a Passcode Lock. This means you would need to enter a 4-digit code or use your fingerprint to access your Telegram account. It provides an extra layer of security if someone gets hold of your device.

Step 1. Go to Settings and the Privacy and Security tab.

Step 2. Scroll down to find Passcode Lock. Enable it and set up a passcode.

You can also ensure Telegram content is blurred when switching between open apps on mobile

Step 3. If your phone has a fingerprint sensor and you want to use it, toggle on the Unlock with Fingerprint option.

5. Regularly Clear Your History

To protect your data from potential breaches, it's a good idea to routinely clear your chat history — especially if it contains sensitive information. This option can be found in the settings of individual chats.

Step 1. Open a chat you want to clear.

Step 2. Tap on the 3-dot menu at the top-right corner to open the options panel.

Step 3. Click on the Clear History button to delete any chat history. Confirm your choice if asked.

The clear history button clears all previous chats, including any pinned messages

While we’re at it, you can also clear your financial and address information if you’ve previously paid for Telegram Premium by going to Settings > Privacy and Security > Clear Payment and Shipping Info.

It can also be good housekeeping to disable active Telegram sessions on any other devices you’re not currently using. To do this, go to Settings > Privacy and Security > Devices > Terminate all other sessions.

6. Set Account to Self-Destruct

While it sounds dramatic, it can be a good idea to configure the self-destruct setting to delete your account after a specified period of inactivity. This will ensure that all your data, including chats and media, are automatically deleted from Telegram's servers if you ever stop using the app.

Step 1. Go to Settings and click on the Privacy and Security tab.

Step 2. Scroll down to find Delete My Account If Away For. Click on it and set your preferred duration.

A month is the minimum inactivity period, while a year is the maximum

7. Be Aware of Scams and Phishing Attempts

Always be cautious when interacting with unknown users or clicking on links sent by strangers on Telegram. Plus, avoid sharing sensitive information unless you're certain about the recipient's identity and that the conversation is secure.

By following these guidelines, you can significantly improve your security and privacy while using Telegram. Always remember that while technology can provide tools for security, what’s most important is our awareness and proactive behavior in using these tools effectively.

FAQs on Using Telegram Safely

Is Telegram a Russian app?

While Telegram was founded by Russian brothers, it’s officially incorporated in Dubai and the British Virgin Islands — and its team is spread worldwide. That said, the app still comes with some security risks you should be aware of.

Telegram’s founders, Nikolai and Pavel Durov, actually fled Russia in 2014 after refusing to give the Russian government user data from their first social network, VK (VKontakte). Telegram was also blocked in Russia in 2018 for the same reason. However, it should be noted that the Russian ban was subsequently lifted when Telegram agreed to "counter terrorism and extremism" on the app — which could be interpreted as agreeing to cooperate with authorities.

Can Telegram users see my phone number?

It depends on your settings — by default, generally only users who you've added to your contacts can see your phone number on Telegram. That said, if you engage in a group chat with members that aren't on your contact list, they might be able to see your number. So, make sure you manually configure your Telegram settings to limit who can see your phone number.

Another factor to bear in mind is that your device contacts who are already on Telegram will be notified when you join. This notification displays your name as it’s stored in your contacts’ devices, rather than your chosen Telegram username — which could affect your privacy.

Is Telegram safer than WhatsApp?

WhatsApp employs end-to-end encryption for all conversations by default, unlike Telegram, which only uses it for secret chats. However, each app has its pros and cons when it comes to safety and privacy. Telegram protects your messages with 2FA, passcode and fingerprint locks, and self-destruct messages.

It’s important to note that no messaging app is completely impervious to security threats. So, it's recommended to analyze all security and privacy features of any given messaging app to ensure it lives up your expectations.

Is Telegram encrypted?

Yes, Telegram does use encryption. All chats are encrypted, but only Secret Chats use end-to-end encryption. I highly recommend using the Secret Chat feature for any conversation that involves sensitive information.

Can Telegram be traced?

Messages on Secret Chats can’t be traced but regular chats aren’t completely private. This is because Secret Chats use E2E encryption, but regular chats are only client-server encrypted — and Telegram holds the keys. So, normal chats could be traced or allow Telegram to monitor and archive the contents. Telegram claims that your activity isn’t tracked or monitored. However, this claim hasn’t been independently verified.

Wrapping Up

While Telegram does have its security drawbacks, it’s generally safe for casual use. As with any platform, the level of safety significantly depends on how you use it. The app comes with robust security features such as secret chats with end-to-end encryption, 2FA, and anti-phishing protections. So, it’s a relatively safe messaging app. That said, regular chats could be accessed by Telegram and the company has suffered from data branches in the past.

If you adhere to the recommended steps for enhancing your overall security and understand its limitations, you should be able to use Telegram without major concerns. Just stay informed about potential threats, keep your security settings updated accordingly, and avoid sharing sensitive data with unknown contacts. By doing so, you can keep your messaging private and secure from bad actors on the internet.