Most people are trapped when it comes to their phones: they know smartphones often pose major privacy and security liabilities, but they’re a required part of modern life. As a result, billions of people continue to use phones despite their worries over privacy breaches.
Some try to solve this dilemma by using free apps, like Telegram, which claim to be “heavily encrypted” to keep users secure. However, even apps that offer “end-to-end encryption” can pose data liabilities if they share user’s information (as Telegram does).
By delving deeper into the topic, the dangers in some of these allegedly secure platforms come to light.
Telegram has over 500 million downloads. It is advertised as a secure platform. However, the presence of encryption doesn’t mean it doesn’t have vulnerabilities.
There are many software tools designed to export members of Telegram groups, the most popular one is called Telegram Scraper, which is the name for all AI apps that search through Telegram group chats to compile information about members. Telegram Scraper advertises itself as a “great tool for creating custom audiences for Telegram advertising campaigns.”
Telegram Scraper lets users build a list of “Telegram niche group IDs or usernames.” Extracting private data without the user’s knowledge is invasive and it’s possible to extrapolate even more information by connecting the extracted pieces together. How could such a tool exist if Telegram was truly secure?
Anyone can download Telegram Scraper and sample how it works before they buy it. In other words, you can get user information from people on Telegram before you even spend a penny.
By comparison, ChatMail encrypted mobile phones offer fully encrypted group chat and even an anonymous group chat, so this type of intrusion can’t occur.
Encryption Isn’t the Default
The word “encryption” suggests the idea of maximum security, but Telegram requires users to switch on their encryption. Why would a platform invested in security allow the option to turn encryption off, never mind default to such an insecure mode for new users?
While it’s hard to know the number, it’s likely many of the 500 million people who use it don’t know their communications are not protected by encryption. Also, Telegram only offers encryption in certain places: Secret Chats and voice and video calls.
The app supports group chats of up to 200,000 people, an astonishingly high number that surpasses what rivals offer in the group chat mode. In other words, if hackers manage to hack one group, it could breach the privacy of many innocent and unsuspecting people.
In fact, in 2018, Motherboard reported that German police had hacked Telegram and used it to spy on citizens for years. They even coded a software called “Bundestrojaner” (a federal Trojan horse) that made it easy.
Although police, in this case, spied on citizens to arrest a far-right terrorist cell, the fact remains Telegram users were vulnerable in ways they didn’t know at the time. Police have spied on at least twelve other groups, too, according to Motherboard’s information.
Law enforcement agencies have occasionally been criticized for pursuing the wrong people, accidentally or even for deliberately targeting perceived enemies who were not guilty of committing a crime.
It could have been the other way around, with terrorists hacking the platform to get confidential, sensitive information on citizens. While it’s easier to shrug off an illegal communications breach when authorities stop a violent terrorist threat, accepting this type of snooping sets a dangerous precedent.
At the very least, it’s scary to think that nefarious actors can also exploit such a gaping security hole. There are many reasons to secure your communication no matter who you are, as every ordinary person has sensitive data worth a lot of money to hackers.
The country in which a communications platform operates has important implications for security, since any government can change the laws in ways that effect user privacy. Telegram was based in Russia and left St. Petersburg for Dubai, UAE, citing “local IT reasons.” As Russia officially blocked Telegram in June, 2020, that is an understatement.
The Russian government had asked Telegram to store users’ encryption keys and provide them to the Federal Security Service. The company protested, saying it was impractical, since the encryption keys are only stored on the devices themselves and the move would violate the constitutional rights of citizen’s privacy. The Kremlin didn’t back down so Telegram left, saying they’d move again if faced with the same conflict elsewhere.
This story outlines why it’s important to be based in a democratic country that respects the rule of law and citizen’s rights. It says something of Telegram’s integrity to relocate rather than remain in place and then having to bow to the state’s overreach. This type of pressure is being exerted around the world.
Telegram stores messages in “cloud chats,” which are described as “automated algorithms” that analyze communications to prevent spam or phishing. The cloud chats are not encrypted. A flaw was detected that allows an adversary to reorder messages, potentially allowing a hacker how to manipulate Telegram’s bots.
Researchers from the University of London discovered coding that enabled attackers to extract plaintext from encrypted messages in Android, iOS and desktop versions of Telegram. There are also privacy problems with Facebook and its encryption on smartphones and other platforms it owns, like WhatsApp, but even apps that are known for being secure can have exposures.
The only way to ensure your private communications are not accessed, analyzed, stored, or sold is to get a fully encrypted phone, built from the ground up with privacy in mind. When a phone has industry-leading security and privacy features, you’ll be confident the encryption is protecting you and that the service provider has safeguards in place to prevent anyone from spying on you or selling your data.
Myntex solutions deliver military-grade encryption and a suite of secondary security features to protect your communications. ChatMail phones deliberately exclude third-party apps because we value privacy above all, so we’ve designed our platform to let people enjoy the best of both worlds: modern smartphone functionality without fear of a data breach.