Meet Telegram for iOS: The World’s Most Secure Messaging App

I know what you’re thinking right now: seriously, yet another messaging app for my iPhone? That’s right folks, but this time what makes Telegram different from other messaging apps is its claim to security.

Telegram is a free, decentralized, open source and non-profit messaging app created by brothers Pavel and Nikolai Durov, who founded VKontakte, the largest social network in Europe (they’re essentially the Russian Mark Zuckerburgs).

Pavel is the financial and ideological partner while Nikolai is the tech genius of the equation. The latter created a unique custom data protocol called MTProto to secure the app, which allows the company to claim it is the most secure and fastest messaging system in the world even in the poorest connections. They have their protocol, API and source code open for all and even welcome security experts to audit their system.

How Telegram Secures your Chats

The Telegram uses two layers of secure encryption (server-client and client-client). Their encryption is based on 256-bit symmetric AES encryption, RSA 2048 encryption and the Diffie–Hellman secure key exchange, which is explained below by Wikipedia:

In the Diffie–Hellman key exchange scheme, each party generates a public/private key pair and distributes the public key. After obtaining an authentic copy of each other’s public keys, Alice and Bob can compute a shared secret offline. The shared secret can be used, for instance, as the key for a symmetric cipher.

536px Public key shared secret svg

What does this mean in every day chats? It means you can initiate ‘secret chats’ where secure private keys are able to be created over potentially insecure networks. Your chat will show a visual key which you can compare to your friend’s to ensure the same secure key is being used, making your chat secure from third parties.

Telegram explains encryption keys are created client to client in case of Secret Chats (using the Diffie–Hellman secure key exchange), while its client-server/server-client for ordinary chats so those can stay in the cloud for reference from multiple devices.

Self Destructing Messages in…3…2…1…

Telegram’s security also allows you to set a timer to have messages self destruct within secret chats as well. So once you read them, they can just disappear after a certain amount of time. You can also terminate all sessions in an instant as well.

Photo 3 Photo 2 2

Photo 4 4 Photo 1 5

Why should we trust Telegram and how does it compare to iMessage? 

We spoke with Markus Ra from Telegram’s support team and asked why should customers trust the company and would they ever sell out to commercial interests? He reassured us the entire project was created from the start as a non-profit and open sourced project.

We also asked Ra how Telegram’s security compared to Apple’s iMessage. He went on to explain “with Telegram’s secret chats you can be sure that a man-in-the-middle attack is impossible—of which you cannot be sure when it comes to iMessage since Apple doesn’t allow one to compare the keys being used,” referencing a recent discovery by security researchers questioning the security of Apple’s platform.

As for where most of their users are coming from, Ra told us most are from countries where people are concerned with security, (such as Germany and increasingly the USA), unhappy with their governments (Central and Latin America) or face censorship (Uzbekistan, Saudi Arabia), but overall are fairly spread out evenly over the world at the moment.

Ra explains they don’t have a PR team pushing the app but rather having a “good product is [the] only tool worth focusing on.” So the app looks to grow organically as an open source and non-profit messenger.

Telegram works as described

In our quick tests of Telegram, the app was very fast as stated and was simple to use. It almost reminded us of WhatsApp, with its tick mark system for notifying you whether chats have been sent and received. You can send images, video and your location to friends and also start group chats.

Setting the self destruct timer for secret chats is interesting. The timer starts counting down once you view the messages and after a period of time you select (ranging from 2 seconds to 1 week), they will automatically delete.

Compared to WhatsApp, the app can have 100 ongoing chats versus 50 in the latter.

The only problem with Telegram? Trying to convince friends to download and install the app. However, if you are paranoid about security and need to chat securely with friends, then this shouldn’t be an issue.

Government agencies won’t be able to see your chats

Speaking with TechCrunch last month, Telegram revealed they rent data centres and servers from around the world, such as in London, San Francisco, Singapore and Helsinki. They have steered clear of the Russian government says Durov:

“As a foreign company and offshore entity we will not be obliged to comply with the rules of Russia, China, Saudi Arabia and countries like that,”

Also, if governments ask Telegram for requests to information, they would not be able to hand over any data for end-to-end encrypted chats—since secret chat encryption keys are generated locally on each device and not their servers (hence their claim to being the world’s most secure messaging app).

“Anyone could look into our documentation and the source code of the app and make sure that we are not trying to fool anyone. The NSA, for that matter, could do the same thing and see that we cannot provide them with any data for purely algorithmic, mathematical reasons,” he adds. “I think that is a way to refuse data requests without openly breaking local rules in America or any other country.”

Telegram’s founders also say the service will stay free forever and if they do require money, they will ask its users in the form of donations.

You can download Telegram here from the App Store—it’s free. The app is also available for Android. Let us know what you think of this interesting messaging app!

Thanks @iCupcake

Founder and Editor-in-Chief of Follow me on Twitter, and @iPhoneinCanada, and on Google+.

  • marco

    hmm, I wonder how it compares to Wickr

  • Grant

    So… essentially you need to be a cryptography expert in order to assess their framework and code to have any sense of comfort that their service is secure… that or take the “trust me” approach – I mean, I’m sure that two Russian brothers would have no other motives for providing this service.

  • Yeah the app is relatively new, they told us they are not for profit and open source, but of course I’m sure some security guys will put their claims to the test.

  • sully54

    what in the world could the average person be talking about that you would need end to end encryption of this level? sometimes i think we take this privacy thing too far.

  • I think it is more about knowing companies or governments aren’t spying on you, regardless of what you’re talking about.

  • Peter Pottinger

    The last person you trust is the first people who tells you to trust them.