
Is Telegram really an encrypted app?
TechFlow Selected TechFlow Selected

Is Telegram really an encrypted app?
The world government used them as a shield for their political agenda.
Author: Matthew Green
Translation: Block unicorn

About the author: Matthew Green is a cryptographer and professor at Johns Hopkins University. I design and analyze cryptographic systems used in wireless networks, payment systems, and digital content protection platforms. In my research, I explore various ways to use cryptography to protect user privacy.
This article was inspired by recent disturbing news that Telegram's CEO Pavel Durov was arrested by French authorities for failing to adequately moderate content. While I don't know the specifics, using criminal charges to pressure social media companies is a deeply concerning escalation—and things don’t seem as straightforward as they appear on the surface.
But today, I don't want to talk about the arrest itself.
I want to focus on one specific detail reported in the coverage—specifically, that nearly every news report about this arrest refers to Telegram as an "encrypted app." Here are a few examples:

This claim drives me crazy because, from a very narrow technical standpoint, it’s not entirely false. Yet on every meaningful level, it fundamentally misleads people about what Telegram actually is and how it works in practice. This misrepresentation harms both journalists and Telegram users—especially those who may be seriously harmed as a result.
So let’s dive into the details.
Does Telegram actually have encryption?
Many systems use encryption in some form. However, when we talk about encryption in the context of modern private messaging services, the term usually has a very specific meaning: it refers to default end-to-end encryption (E2EE) that protects the content of users’ messages. When implemented according to industry standards, this ensures each message is encrypted with a key known only to the communicating parties—the service operator does not possess these keys.
From your perspective as a user, an “encrypted messaging app” means that whenever you start a conversation, only the person you're chatting with can read your messages. If the messaging service operator tries to access your messages, they would see nothing but useless encrypted data. The same guarantee applies to anyone who hacks into the provider’s servers or law enforcement agencies serving subpoenas to the provider—regardless of whether that’s good or bad.
Telegram clearly fails to meet this stricter definition—for a simple reason: It does not enable end-to-end encryption by default. To use E2EE in Telegram, you must manually activate an optional feature called “Secret Chats” for each private conversation. This feature is explicitly disabled for most conversations and only works in one-on-one chats—never in group chats with more than two participants.
As a strange “add-on,” enabling end-to-end encryption in Telegram is practically burdensome for non-technical users.
First, the button to activate Telegram’s encryption is not visible in the main chat window or home screen. To find it in the iOS app, I need to tap at least four times—once to open the user’s profile, once to bring up a hidden menu with options, and finally confirm that I want to enable encryption. And even then, I still can’t start an encrypted conversation, because the “Secret Chat” function only works when your contact is online.

Starting a “Secret Chat” with my friend Michael in the latest Telegram iOS app isn’t directly accessible from the regular chat interface. Activating it requires four taps:
(1) Go to Michael’s profile page (left image),
(2) Tap the “…” button to reveal a hidden set of options (middle image),
(3) Select “Start Secret Chat”,
(4) Confirm in the “Are you sure you want to continue?” dialog box. Even after this, I still can’t send any messages to Michael, because Telegram’s Secret Chat only activates when the other party is also online.
Overall, this experience is vastly different from starting a new encrypted chat in a modern, industry-standard encrypted messaging app, where you simply open a new chat window.
This might seem like nitpicking, but the difference between default E2EE and this cumbersome process is significant. In practice, it means the vast majority of one-on-one Telegram conversations—and all group chats—are likely visible and recordable by Telegram’s servers, which can see and log the content of all messages sent between users. This may or may not be a problem for individual Telegram users, but it certainly shouldn’t be marketed as especially secure or encrypted.
(If you’re interested in deeper technical details and further criticisms of Telegram’s actual encryption protocols, I’ll elaborate below.)
Is default encryption really important?
Maybe yes, maybe no! There are two distinct perspectives on this question.
One view is that Telegram’s lack of default encryption is perfectly fine for many users. The reality is that many people don’t use Telegram as an encrypted private messaging tool at all. For them, Telegram functions more like a social media network than a private messaging app.
Specifically, Telegram has two popular features that make it ideal for such use. One is the ability to create and subscribe to “channels”—each functioning like a broadcast network where one (or a few) individuals can push content to millions of readers. When you're broadcasting messages to thousands of strangers, message confidentiality isn't particularly important.
Telegram also supports large public group chats with thousands of users. These groups can be open to the public or restricted to invite-only access. While I personally have never seen the appeal of sharing a chat with thousands of people, I’ve heard many enjoy this feature. In such large public groups, the lack of encryption in Telegram chats isn’t a big deal—after all, who cares about encryption when speaking in a public square?
But Telegram isn’t limited to just these uses. Many users who join for these reasons end up doing other things too.
Imagine you're in a large group chat—a kind of “public square.” In that setting, strong privacy expectations may not exist, so end-to-end encryption doesn’t matter much. But suppose you and five friends leave the square to have a private conversation. Should that discussion warrant strong privacy protection? Well, Telegram won’t provide it—at least not by default. Without manual activation, Telegram offers no protection against its own servers accessing your chat content.
Likewise, suppose you use Telegram mainly for its social media features—consuming rather than creating content. But one day, a friend joins Telegram for similar reasons, discovers you’re on the platform, and decides to send you a private message. Now, do you care about privacy? Will you both go through the trouble of manually enabling “Secret Chats”—despite requiring four deliberate taps through a hidden menu, and despite the fact that it prevents immediate communication if either of you is offline?
I strongly suspect many people join Telegram for its social media features but eventually use it for private conversations too. I believe Telegram knows this and deliberately markets itself as a “secure messaging app,” highlighting its encryption capabilities precisely because it makes users feel safer. Yet in reality, I doubt most users actually use Telegram’s encryption features. Many may not even realize they need to manually turn it on—they might assume they’re already protected.
This leads to my next point.
Telegram knows its encryption is hard to enable, yet continues to market its product as a secure messaging app.
Since 2016 (and possibly earlier), Telegram’s encryption has faced serious criticism for many of the reasons outlined in this article. In fact, much of this criticism came from experts—including myself—in past Twitter discussions with Pavel Durov.
Although interactions with Durov were sometimes tense, I mostly believed back then that Telegram acted in good faith. I assumed Telegram was busy growing its network and would gradually improve the quality and usability of its end-to-end encryption—by making it default, supporting group chats, and allowing encrypted chats with offline users. I figured that while Telegram might be a follower rather than a leader, it would eventually reach a functional level comparable to Signal and WhatsApp in terms of encryption. Alternatively, perhaps Telegram would abandon encryption altogether and focus purely on being a social media platform.
What actually happened left me increasingly puzzled.
Instead of improving the usability of end-to-end encryption, Telegram’s owner has made almost no changes to the encryption user experience since 2016. Despite some upgrades to underlying cryptographic algorithms, the Secret Chat experience in 2024 is nearly identical to what it was eight years ago. Meanwhile, Telegram’s user base has grown 7 to 9 times over the same period.
At the same time, Telegram CEO Pavel Durov continues to actively promote Telegram as a “secure messaging app.” Recently, he sharply criticized Signal and WhatsApp on his personal Telegram channel, suggesting those systems contain backdoors installed by the U.S. government—and implying that only Telegram’s independent encryption protocol is truly trustworthy.
If this were a legitimate technical debate between two platforms offering default end-to-end encryption, it might be understandable. But Telegram has no standing in this conversation. Seeing Telegram encourage users to avoid apps with default encryption, while refusing to implement basic features that would widely encrypt user messages, is no longer amusing. In fact, it’s beginning to look malicious.
What about the cryptographic details?
This is a cryptography blog, so I’d be remiss not to spend a moment on the tedious protocol specifics. I’d also miss a great opportunity to marvel—once again—at the internal mechanics of Telegram’s encryption, which leaves me almost speechless every time I examine it.
To minimize pain, I’ll summarize the details in one paragraph—you’re welcome to skip ahead if uninterested.
According to what I believe is the latest specification, Telegram’s Secret Chats rely on a custom protocol called MTProto 2.0. The system uses 2048-bit finite-field Diffie-Hellman key exchange, with group parameters (as far as I understand) chosen by the server. (Because Diffie-Hellman requires both users to be online simultaneously, secret chats cannot be initiated when one user is offline.) Man-in-the-middle (MITM) protection is handled manually by end users comparing key fingerprints. The server provides some strange random nonces whose purpose I don’t fully understand *——in the past, these nonces rendered the key exchange completely insecure against malicious servers (though this issue has long been fixed)*. The resulting keys are then used in an astonishingly non-standard authenticated encryption mode—a scheme called “Infinite Garble Extension” (IGE) based on AES, with SHA-2 used for authentication.**
Note: Every point I marked with “*” above is something a professional cryptographer would raise their hand and question during a security audit. Suffice it to say, Telegram’s encryption is highly unusual.
If you asked me whether I think Telegram’s Secret Chat protocol and implementation are secure, I’d say probably—but honestly, it doesn’t matter. If people aren’t actually using it, no amount of theoretical security helps.
Block unicorn note: In short, Telegram’s encryption system uses complex techniques to protect information, but the user experience for setup and usage is complicated. Some technical aspects may seem opaque, particularly around the use of random numbers and key protection methods.
Finally
While end-to-end encryption is one of the best tools we’ve developed to prevent data leaks, it’s not the whole story. One of the biggest privacy issues in messaging involves massive amounts of metadata—essentially data about who uses the service, who they communicate with, and when.
This data is typically not protected by end-to-end encryption. Even in apps focused solely on broadcasting, like Telegram’s channels, there is valuable metadata about who listens to broadcasts. This information is inherently valuable—as evidenced by traditional broadcasters spending huge sums collecting audience data. Currently, all this metadata likely resides on Telegram’s servers and could be accessed by anyone seeking it.
I’m not singling out Telegram here—nearly all other social media networks and private messaging apps suffer from the same issue. But it’s worth mentioning, because I don’t want you to walk away thinking encryption alone is enough.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News














