Not all messaging apps are equal when it comes to encryption

Messaging apps
(Image credit: Future)

Telegram founder Pavel Durov has been arrested in France on charges of enabling illegal transactions, failure to provide documents to authorities, complicity in possessing child sexual abuse material and in distributing CSAM, complicity in the distribution of drugs, complicity in organized fraud and money laundering.

This has naturally created controversy, with many calling it politically motivated, an attack on free speech, and oddly enough, an attack on encrypted messaging. I'm not going to wade into anything about political hit jobs or free speech, but I do have to mention one thing—the encryption argument isn't really valid because Telegram isn't always encrypted.

People didn't realize that every Telegram group message is sent in plain text through a Telegram server and much of it is saved. The French government will have plenty of evidence sitting there for them to look at. 

The only way to use encryption with Telegram is to have a one-on-one messaging session with someone and enable the "Secret Chat" setting. If you don't do that, it's not encrypted.

It's good that people are realizing that their group chats are wide open. It also brings up a couple of other things to consider: do you really care about encrypted messaging, and if you do, which apps are better at it than Telegram?

The first question is something only you can answer, but I can give you my answer: yes, I care. I'm not worried if someone knows I texted my wife to remind her to bring home a bottle of orange juice when she's out at the store or that anyone sees me send my grandkids a goofy picture of Snoopy on a jet ski. I just don't want them to be able to know it unless I tell them.

WhatsApp logo on Android

(Image credit: Jay Bonggolto / Android Central)

You're probably the same, and most of what you send over a messaging app is nothing you care about. But not always. There are plenty of things we do not want to share with the world, and you know which of those things apply to you. A way to protect your privacy is to only use a messaging app that is end-to-end encrypted, meaning only the intended recipient is able to decode and read it.

What's easier to talk about is what apps are encrypted. We'll start with the big ones — SMS and iMessage. SMS (texting) is never encrypted. Ever. Apple's iMessage is only encrypted if everyone in the message group is using a supported Apple device. This may change with the upcoming iMessage update that supports RCS, depending on how Apple uses the RCS profile (RCS is only encrypted thanks to Google, and both companies need to cooperate). We'll know soon enough. 

That leaves two really good messaging apps that, thankfully, are encrypted no matter which brand of phone you're using or how many people are in a group: Signal and WhatsApp. Both apps support end-to-end encryption for one-to-one chats and group messaging by default and work on every modern smartphone. You will need to install the app, of course, but there is nothing else for you to do.

While there may be other apps that use encryption properly, I can say I'm sure about these two.

Facebook Messenger Galaxy Active

(Image credit: Source: Chris Wedel / Android Central)

There are also two apps to mention: Facebook Messenger and Google Messages. Both might be encrypted, but they might not.

Google Messages is like Apple's iMessage: if all parties in the chat are using Google's encrypted RCS, then it works. If not, it defaults to a regular MMS group and is not encrypted.

Facebook Messenger is a little weird. Chats are encrypted as long as everyone is using Meta's app or a computer with the Google Chrome or Microsoft Edge browser. If someone is using Safari or Opera, for example, encryption is broken.

It's also important to remember that social media DMs on services like X or Instagram are not encrypted.

This may or may not be important to you and only you can decide. But at least you know a little about what is and isn't encrypted just in case.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Threads.

  • Olumide
    This is a poorly researched article.

    You claim that telegram group messages are available as "plain text" on the servers. Have you verified this?

    While the group messages are not end-to-end encrypted, are you aware the encryption keys are split among various jurisdictions across the world? Such that a court order from one country or group of countries cannot suffice to retrieve your messages from the server.
    Decryption key distribution (https://telegram.org/faq#q-do-you-process-data-requests)

    The so called end to end encrypted WhatsApp and Signal, are their source codes readily available to you for verification? And if so, are you certain that the same source code is what was used in building the apk file uploaded to the PlayStore?
    See Telegram reproducible build (https://core.telegram.org/reproducible-builds)

    This is where Telegram gains more reliability over others.

    Why are the so called drug trafficers or other criminals using Telegram rather than the so called "verified by security experts and end-to-end encrypted" WhatsApp and Signal?

    Why have we not heard governments putting pressure on WhatsApp or Signal (remember they are based in the US)?
    That silence alone should make us think.
    Reply