Telegram is known as a privacy-focused secure messaging app because it markets itself that way. However, it is often criticized by security experts, privacy advocates, and people with common sense who can understand why its claims about being privacy-friendly don't make sense. In this brief article, I'll show you all
As long as the keys are handled via a closed source app and server system, e2ee is potentially broken.
Even if you generated the key, keep the private part locally and submitted only the public part to your communication partner, you can never be sure that the intransparent app does keep your private key private.
With WhatsApp I’m quite sure that they somehow can retrieve the private key. Certain events point to that. But I see no reason to consider signal or telegram any more trustworthy - they are all prone to governmental influence.
And as open source and closed app infrastructure are incompatible, I would not handle anything important on an Android or Apple device.
Why would you not trust Signal?
You don’t have to trust their server infrastructure, because the end to end encryption has been verified by countless experts (and all their client side code can be looked at by anyone).
What events point there?
There were several (ex) Meta employees stating they could read any message if they wanted to.
A number of WhatsApp conversations unexpectedly appearing in courts.
I’ve no proof of this, but technically the whatsapp app is closed source so they could push an update that collects the private keys, if they don’t do this already
One way to prevent this is would be to re-sign the app with your own signing key and delete that key before court, I guess. But those people whose conversations appeared probably just had Google Drive plaintext backups enabled.
I don’t know about WhatsApp, but macOS backups your keys on iCloud by default, so…