Is Telegram safe to use in 2025? The ultimate privacy & security breakdown

What is Telegram?

Telegram is a popular messaging app built with a focus on speed and security. Since it was founded by Nikolai and Pavel Durov in 2013, the app has grown to 1 billion monthly users worldwide. The independently owned company is an alternative to Big Tech platforms like WhatsApp, with a commitment to safeguarding private information and promoting free speech.

Telegram is free to download and use, with all security features available at no cost. The app also has a Premium version which is meant to help support its development and reduce the dependency on advertisers and stakeholders for monetization. The subscription gives access to numerous add-ons, including voice-to-text conversion, advanced chat management, premium stickers, custom emoji, no ads, and more.

Key Telegram security and privacy features

To maintain their focus on speed and security, Telegram has the following features in place: 

Encryption

For default chats, Telegram relies on its proprietary MTProto, which encrypts messages between user devices and Telegram’s servers. This means that your messages are protected from outsiders while in transit, but the company holds the encryption keys. This system ensures that chats remain secure against third-party snooping while allowing Telegram to offer features like multi-device syncing and cloud backups.

For those who prefer end-to-end encryption, the Secret Chat feature is available.

Secret Chat

This feature enables end-to-end encryption: no one but you and the recipient can access your messages, including Telegram. Messages in Secret Chats also can’t be forwarded to other users and you’re notified if the other party takes a screenshot of the conversation.

The feature is device-specific, meaning you can access the Secret Chat only from the device where you initiated it, and it’s unavailable on desktop. It’s also only available in person-to-person conversations—it doesn’t work in groups or channels.

Self-destructing messages

This feature automatically deletes messages after a certain amount of time. Timeframes suggested by default are 1 day, 1 week, and 1 month, but you can set a custom interval as well. It can be enabled across all chats via account settings as well as in specific conversations. One thing to remember, though, is that it applies only to messages sent after the activation—earlier ones won’t disappear.  

Passcode lock 

As the name suggests, this feature allows locking your app with a passcode: when you open it, you’ll need to enter a 4-digit code to access the chats. It also hides message content and sender names in notifications. You can set the time of inactivity, from 1 minute to 5 hours, after which the app will be locked automatically, or you can do it manually from the chats screen.

Decentralized server locations

Telegram’s data infrastructure is spread across several countries. This ensures that they are not tied to a single jurisdiction and can resist government censorship and data requests from any one nation. Telegram remains operationally independent and continues to function in countries that try to block or seize it.

Bug bounty program

Telegram welcomes outsiders to audit its code, protocol, and services for potential vulnerabilities. If such are found, the researcher is eligible for a bounty. This program helps improve Telegram’s safety and demonstrates its commitment to transparency and security. 

Common Telegram concerns

Over the years, Telegram has faced a fair share of controversies. From being called a privacy nightmare to a premier internet platform to buy hacked data, weapons, and illicit drugs, the company has been criticised both by experts and users. Here are the main concerns that are frequently raised:

Default chats aren’t end-to-end encrypted 

As described above, default chats use server-based encryption instead of end-to-end one. This does have its benefits, like device syncing, cloud backups, and reduced storage pressure on devices. However, it also comes with its share of risks: since Telegram holds the encryption keys, it could theoretically access your messages if compelled by a government, during a legal investigation, or if the company’s servers are compromised. As for the latter, storing messages on Telegram’s servers creates a central point of failure that could attract hackers seeking to access user data at scale. 

However, the company has repeatedly defended MTProto, stating that it’s been battle-tested since 2013 without a single successful break and it helps optimize speed and reliability over unstable mobile networks while remaining secure. And even though Telegram has increased its cooperation with authorities by providing user data, those cases are reportedly limited to cybercrime, online fraud, terrorism, and other crimes. Moreover, the details shared are mainly IP addresses and phone numbers, with no evidence of personal messages being disclosed as well.

On one hand, if you’re an ordinary user who doesn’t indulge in illegal activities, the lack of E2EE shouldn’t bother you much. On the other hand, it’s important to understand that theoretically, your conversations can be accessed by a third party.

Metadata collection

Telegram’s Privacy Policy mentions what user data they collect, but there’s no clear list. Presumably, the company stores:

• Account info (phone number, username, profile name, profile picture, etc.)
• Your contacts (if you allow contact syncing)
• IP addresses
• Device info and logs
• Message metadata (who you’re chatting with and when, group/channel membership, etc.)

On the bright side, Telegram explicitly states that it doesn’t use this data for ad targeting or other commercial purposes. On the other hand, it can potentially be compromised in a security breach or accessed by authorities after a legal request.

While such data collection is not atypical, there are messaging apps like Signal that store even less.     

Phone number linking

Telegram requires your phone number to create an account, and people who have your number saved on their phone will get a notification that you’re now on Telegram or will see you in their contacts. Even if you create an account with a pseudonym, your contacts will still see you under the name you’re saved with on their device—which can be an issue if you want to register anonymously. 

Additionally, unless you adjust privacy settings, anyone can find you with your phone number and send a message, which potentially exposes you to scams, spam, and harassment.

Vulnerabilities with public groups and channels

Telegram is often praised for its efficiency in allowing up to 200,000 members in a group chat and having no member limit for channels. This makes the app popular among content creators and small businesses. However, even though Telegram blocks those that violate its terms of service (e.g. include incitement to violence, illegal activities, etc.), there are some risks for an average user:

• Users can be added without consent: By default, Telegram allows anyone to add you to a group. If you don’t change your privacy settings, you may join a group or channel without consent. 
• Data scraping: Usernames, bios, profile photos, and messages are visible to anyone who joins a group/ channel. This allows malicious actors to scrape data from numerous accounts via a single group.
• Scams: Telegram scams take many forms, but groups and channels are particularly vulnerable to phishing and impersonation scams. Any link or file sent by other users can turn out to be malicious, and it takes time for moderators and admins to notice and delete it.

Minimal platform-wide moderation policies

Even though Telegram’s Terms of Service explicitly forbid using the platform for illegal and unethical activities, its approach to moderation is quite hands-off and depends more on user reports. There’s no doubt that Telegram champions freedom of speech and is even known for supporting protest movements. However, this light-touch moderation has also been grossly exploited by criminals and terrorists who use the app to communicate about their schemes and recruit members.

This even led to the arrest of Pavel Durov, Telegram CEO, last year in France. Among other charges, Durov was accused of complicity in the distribution of child exploitation material and drug trafficking. Telegram responded by stating that its moderation is within industry standards and the owner isn’t responsible for criminals’ abuse of the platform. 

Durov was released a couple of days later, though he remains under judicial supervision in France and the legal case against him is ongoing. Telegram has since tightened its moderation of illegal content and joined the Internet Watch Foundation (IWF), but it has not fundamentally changed its philosophy of minimal moderation outside of clear legal violations, continuing to prioritize its privacy-focused and censorship-resistant positioning. 

Tips to make Telegram safer

By default, Telegram is only moderately safe—most security features require enabling manually. To make your experience as private and secure as possible, be sure to:

• Enable two-factor authentication so that login requires an additional step. This will prevent unauthorized access to your account even if your password is compromised. To enable 2FA, go to Settings > Privacy and Security > Two-Step Verification > Set Additional Password.
• Set a passcode lock to prevent access to your chats in case your device is stolen or lost. It’s also a good idea to enable auto-lock so that you don’t have to do it manually each time. Go to: Settings > Privacy and Security > Passcode Lock.
• Tweak privacy settings to adjust who can see your phone number, activity status, bio, and other profile details. You can also adjust who can call you, send you messages, and send invites—preferably, limiting those only to your contacts.
• Set up a username and limit who can find you with your phone number. 
• Disable contact syncing to prevent the app from uploading your phone’s contact list to its servers and reduce the amount of data Telegram collects. You can do this via Settings > Privacy and Security > Contacts. 
• Be wary of public groups and unknown bots: adjust the settings so that only your contacts can invite you and stay vigilant when you join. Don’t click on links and files from strangers and never share personally identifiable information.
• Turn on Secret Chats to make your person-to-person conversations end-to-end encrypted and prevent access even by Telegram. Open the chat you want to make secret > tap on the person’s profile (name and photo) > tap the menu (three dots) > Start Secret Chat.
• Enable Auto-Delete for sensitive conversations so that the messages self-destruct after a set period of time.
• Disable media auto-download to prevent accidentally downloading malicious files. You can do this via Settings > Data and Storage.
• Regularly review active sessions to ensure you recognize all devices.
• Use a VPN to hide your IP address and limit the data Telegram collects about you (and potentially discloses to third parties).

Telegram vs other secure messaging apps

The main competitors of Telegram are WhatsApp and Signal. All three have features similar to one another as well as distinct differences. 

In terms of security, WhatsApp’s main difference from Telegram is its use of end-to-end encryption for all chats by default. However, the app is owned by Meta, which is known for extensive data collection and user profiling. In fact, Telegram saw approximately 5.6 million downloads in just a couple of days when WhatsApp updated its privacy policy in 2021. Overall, WhatsApp is pretty safe but it lacks some useful features like usernames and Secret Chats. 

Signal is commonly considered to be the most secure messaging app around. It uses end-to-end encryption by default and collects almost no metadata. It also has an open-source code so that anyone can review it and confirm there are no security issues. Signal focuses on privacy-first messaging, so it’s not as convenient as Telegram for groups and communities. 

Here’s an overview of the main features of the three apps:

Conclusion: who is Telegram best for?

The Telegram messenger is safe for individuals who want a convenient, flexible, yet secure app. The platform is a good choice for day-to-day conversations, especially since you can access all chats on various devices. Its security features are robust enough for an average user and allow protecting your privacy and limiting who can contact you, ultimately providing greater anonymity than many mainstream apps.

Telegram is also the best choice for content creators and business owners due to its unlimited broadcast channels, support for large groups with up to 200,000 members, and the ability to automate interactions using bots. 

If you’re dealing with highly sensitive information, however, you might want to consider Signal. Even though there’s no evidence of Telegram sharing chat content with authorities or third parties, you can’t be sure that it won’t happen in the future.    

FAQs 

Is the Telegram app safe?

Telegram is a safe app for an average user. It encrypts messages and provides security features to prevent unauthorized access to your account and maximize your privacy. However, Telegram’s encryption is server-based, meaning the company can potentially access your messages.

How secure is Telegram?

Telegram is fairly secure, offering encryption that protects messages in transit, 2FA, a passcode lock for device-level security, and other privacy settings. It’s important to understand, though, that default chats use server-based encryption instead of end-to-end one, so Telegram can potentially access the content of your chats.

Is Telegram private or encrypted?

Telegram is encrypted with its own MTProto protocol. The encryption is server-based, meaning Telegram holds the encryption keys. End-to-end encryption is available only when you use the Secret Chat feature. 

Can Telegram be traced?

Yes, Telegram can be traced to some extent. While your messages in transit are encrypted and Secret Chats use end-to-end encryption, Telegram collects and retains metadata such as your IP address, device details, and phone number, which can potentially be used to trace your identity and activity patterns. Telegram also stores default chat messages on its servers, meaning it could theoretically access or disclose this data if legally compelled. 

Is Telegram end-to-end encrypted by default?

No, Telegram is not end-to-end encrypted by default. The app uses MTProto, which is server-based encryption. However, E2EE is used in the Secret Chat feature.