Key takeaways
- All communications on WhatsApp, including text messages, calls and media, are end-to-end encrypted by default, using the highly secure Signal protocol.
- Telegram allows users to engage in group chats and channels without revealing their phone numbers, making it a preferred choice for those who prioritize anonymity.
- WhatsApp has faced issues with zero-day vulnerabilities, while Telegram’s custom MTProto encryption protocol has been criticized for not being as widely vetted as WhatsApp’s Signal protocol.
- If robust encryption by default is your main concern, WhatsApp may be the better choice. However, if anonymity and flexible privacy settings are more important, Telegram could be more suitable.
What is WhatsApp?
WhatsApp is the most popular messaging platform in the world, with over 2.24 billion monthly active users as of August 2024.
Founded in 2009 by Jan Koum and Brian Acton, former employees of Yahoo, WhatsApp was born out of a desire to create a simple, ad-free platform for messaging. The founders were frustrated with the cluttered and often intrusive nature of existing communication tools, so they set out to build an app that prioritized user experience and privacy.
Initially, WhatsApp was designed as a status update tool where users could let others know what they were up to. This is where it got its name — a play on the phrase “What’s up?”
However, it quickly evolved into a messaging platform after Koum and Acton recognized the demand for an efficient, internet-based alternative to traditional SMS. This pivot led to WhatsApp’s rapid growth, driven by its simplicity, reliability and commitment to being ad-free.
WhatsApp’s rise was meteoric, fueled by its user-friendly interface and the widespread adoption of smartphones. By 2014, just five years after its launch, the app had garnered 400 million monthly active users. This rapid expansion caught the attention of Meta (previously Facebook), which acquired WhatsApp in 2014 for a staggering $19 billion — one of the largest tech acquisitions in history.
The app’s success lies in its ability to offer a secure, encrypted communication channel that is both free and accessible across various platforms, including Android, iOS and web browsers. Users can send text messages, make voice and video calls, share images, videos and documents, and even make payments in some regions.
However, WhatsApp by no means has a monopoly on the market.
What is Telegram?
While WhatsApp still dominates the market, its growth rate has slowed significantly compared to earlier years. Meanwhile, Telegram, the underdog competitor to WhatsApp, has quickly risen in popularity, boasting 950 million monthly active users as of mid-2024.
Launched in 2013 by brothers Nikolai and Pavel Durov, the creators of Russia’s VKontakte (VK), Telegram was designed with privacy and security at its core. The Durov brothers were motivated by growing concerns over government surveillance and the need for a communication platform that wouldn’t compromise user data.
Telegram offers a range of features that set it apart from its competitors. It’s known for its strong encryption, particularly in its Secret Chats, where messages can be set to self-destruct after a certain period.
Users can also create channels to broadcast messages to large audiences, join public or private groups, and use bots for various automated tasks. These features, along with the app’s open application programming interface (API), have made it a favorite among tech-savvy users and those who prioritize privacy.
Telegram’s rise has been particularly notable in regions where users are looking for alternatives to mainstream apps like WhatsApp. It has seen significant growth in markets such as India, Brazil, Russia, Ukraine and Indonesia.
This surge in users can be attributed to Telegram’s flexibility, privacy features and the ability to host large communities, which are particularly appealing in regions with high digital engagement.
Understanding end-to-end encryption (E2EE)
End-to-end encryption is a method used by both WhatsApp and Telegram to secure communications.
Popularized by the introduction of the Signal protocol, this kind of encryption ensures that only the sender and the recipient of a message can read its contents, preventing anyone — including the service provider — from accessing the data.
End-to-end encryption works by encrypting data on the sender’s device and keeping it encrypted as it travels across the network, only to be decrypted on the recipient’s device. This process involves the use of cryptographic keys:
- Public key: The sender uses the recipient’s public key to encrypt the message.
- Private key: The recipient’s private key, which only they possess, decrypts the message.
This system ensures that even if the data is intercepted during transmission, it cannot be read by anyone who doesn’t have the correct decryption key — this includes the service provider, hackers or government entities.
Did you know? The concept of public and private keys, fundamental to modern encryption, was first introduced in 1976 by Whitfield Diffie and Martin Hellman. Their work on asymmetric cryptography revolutionized secure communication, allowing for secure data exchange without needing to share a secret key in advance.
WhatsApp’s approach to encryption
WhatsApp introduced end-to-end encryption by default for all communications in 2016. This includes text messages, voice and video calls, photos and videos. WhatsApp uses the Signal protocol, developed by Open Whisper Systems, which is widely regarded as one of the most secure encryption protocols available.
- Key generation and management: Each WhatsApp user has a unique set of public and private keys that are generated automatically. These keys are stored on the user’s device, and the private keys never leave the device, ensuring that only the user can decrypt messages.
- Forward secrecy: WhatsApp also employs a feature called forward secrecy, which ensures that each message is encrypted with a unique session key. Even if one encryption key is compromised, it cannot be used to decrypt past or future messages.
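The per-message keys behind forward secrecy can be illustrated with a symmetric key ratchet. The following is an added example, not WhatsApp's or Signal's code: it uses the HMAC-SHA256 chain step recommended in the published Double Ratchet specification, and the shared secret, class and function names are constructed for illustration.

```python
import hashlib
import hmac

def kdf_chain(chain_key):
    """One ratchet step: derive a message key and the next chain key.

    HMAC-SHA256 is one-way, so neither output reveals chain_key or the other output.
    """
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

class SendingChain:
    """Hypothetical holder of one party's chain state (illustrative name)."""

    def __init__(self, shared_secret):
        self.chain_key = shared_secret
        self.sent = 0

    def next_message_key(self):
        # Overwrite the old chain key so earlier keys cannot be re-derived.
        self.chain_key, message_key = kdf_chain(self.chain_key)
        self.sent += 1
        return message_key

def message_keys(shared_secret, count):
    """Message keys for the first `count` messages of a chain."""
    chain = SendingChain(shared_secret)
    return [chain.next_message_key() for _ in range(count)]

def keys_after_state_theft(shared_secret, sent_before_theft, total):
    """Keys an attacker can derive after copying device state mid-conversation."""
    chain = SendingChain(shared_secret)
    for _ in range(sent_before_theft):
        chain.next_message_key()
    stolen_chain_key = chain.chain_key  # all that is left on the device
    return message_keys(stolen_chain_key, total - sent_before_theft)

# Constructed sample secret; in a real session it comes from the key agreement.
SECRET = hashlib.sha256(b"constructed shared secret").digest()

if __name__ == "__main__":
    all_keys = message_keys(SECRET, 5)
    exposed = keys_after_state_theft(SECRET, 3, 5)
    print("distinct message keys:", len(set(all_keys)))
    print("earlier keys exposed:", len(set(all_keys[:3]) & set(exposed)))
    print("later keys of this chain exposed:", exposed == all_keys[3:])
```

A copied chain key still yields the later keys of that same chain, which is why the full Double Ratchet also mixes fresh Diffie-Hellman outputs into the chain; that step is not shown here.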
Telegram’s approach to encryption
Telegram takes a slightly different approach to encryption. While Telegram offers end-to-end encryption for its “Secret Chats” feature, regular or cloud chats are secured with a client-server/server-client encryption model and are stored encrypted in Telegram’s cloud. This means that while the data is encrypted between the user and Telegram’s servers, it is not end-to-end encrypted by default.
- Secret Chats: Secret chats in Telegram use end-to-end encryption and are not stored on Telegram’s servers. These chats are device-specific, meaning they can only be accessed on the devices where they were initiated. Secret chats also offer features such as self-destructing messages, adding another layer of privacy.
- MTProto protocol: Telegram uses its custom encryption protocol called MTProto for Secret Chats. This protocol involves a combination of 256-bit symmetric AES encryption, 2048-bit RSA encryption and Diffie-Hellman secure key exchange. Although the protocol is secure, some experts have criticized MTProto for not being as transparent or widely tested as the Signal protocol used by WhatsApp.
WhatsApp vs. Telegram
Aside from approaches to encryption, there are many other privacy-related features of both apps that ought to be compared. Here’s a table of differences between the two.
Did you know? End-to-end encryption ensures that only you and the recipient can read your data; even the cloud provider can’t access it. At-rest encryption protects stored data, but the provider may still hold the decryption keys.
Encryption vulnerabilities and concerns
Encryption, while critical for securing communications, is not without its vulnerabilities. Both WhatsApp and Telegram have faced scrutiny over potential weaknesses, whether due to technical flaws, implementation issues or concerns about data handling practices. Below are some of the key vulnerabilities and concerns associated with each platform.
WhatsApp vulnerabilities
- Targeted exploits and zero-day vulnerabilities: In 2019, WhatsApp was found to have a major vulnerability that allowed attackers to install spyware on users’ devices simply by placing a WhatsApp call — even if the call was not answered. This exploit was used by the NSO Group’s Pegasus spyware, raising significant concerns about the security of WhatsApp’s encryption.
- Backup encryption concerns: WhatsApp introduced end-to-end encrypted backups in 2021, which is a significant improvement. However, before this, backups stored in Google Drive or iCloud were not encrypted, making them vulnerable to access by those cloud service providers or third parties. Even now, users must manually enable this feature, leaving those who don’t activate it exposed.
- Metadata collection: While WhatsApp messages are end-to-end encrypted, the app still collects metadata — such as who you contact and when, among other metrics — which can be analyzed to reveal patterns of behavior. This metadata is stored by WhatsApp and can be shared with its parent company, Meta, which raises privacy concerns, especially in light of Meta’s history with data misuse.
Telegram vulnerabilities
- MTProto encryption protocol: Telegram’s custom MTProto encryption protocol has been a subject of debate among cryptography experts. While it is designed to be secure, it has not been as thoroughly vetted by the wider cryptographic community as the Signal protocol used by WhatsApp. Some experts have criticized MTProto for potential weaknesses, particularly in its key exchange mechanisms, which could theoretically be exploited by a determined adversary.
- Secret Chats limited to single devices: Telegram’s secret chats, which do offer end-to-end encryption, are only available on the devices where they are initiated and cannot be backed up to the cloud. While this is designed to increase security, it also means that if a user loses their device, the encrypted chats are lost forever, which can be seen as a drawback for some users.
- Government pressure and data requests: Telegram has been praised for resisting government pressure in some countries, but it has also complied with requests in others, notably where it has been required to share data related to terrorism or other serious crimes.
Did you know? In August 2024, Pavel Durov, founder of Telegram, was arrested in France, sparking significant international controversy. The arrest is reportedly linked to investigations into illegal activities facilitated through Telegram, including allegations related to child pornography, drug trafficking and financial fraud.
Who wins the encryption war?
If your primary concern is robust, default end-to-end encryption, WhatsApp wins the encryption war hands down. Its consistent application of the Signal protocol across all communications, combined with the availability of encrypted backups, makes it the stronger choice for security.
However, WhatsApp’s association with Meta and the collection of metadata remain points of concern for some users. As such, if anonymity is your top priority — especially if you are in a situation where revealing your identity could be risky — Telegram might be the better choice.
While it doesn’t offer end-to-end encryption by default for all chats, its focus on user privacy, combined with features like Secret Chats and the ability to participate in conversations without sharing your phone number, provides a level of anonymity that WhatsApp cannot match.
Written by Bradley Peak