The recent WhatsApp attack that compromised private chats of as many as 1,400 people, including Indian activists and journalists, has triggered a wave of departures.
People have started switching to apps like Telegram and Signal in hopes of more security. But according to experts, even these platforms aren't fully secure, and you would still remain vulnerable.
Bugs, vulnerabilities open the risk of attacks
While all leading chat apps offer encryption, you should know that vulnerabilities in the system, be it in the OS or app, can let hackers steal your data.
For instance, in the case of WhatsApp, the platform dominates as the biggest messaging app with over 1.5 billion users and offers end-to-end encryption, but despite that, NSO Group's 'Pegasus' broke in and snooped on chats.
So, what makes Telegram vulnerable?
WhatsApp's end-to-end encryption comes by default, while Telegram, which is used by 200 million people worldwide, offers the added layer of security through a manually activated 'Secret chat' option.
However, in a recent paper, MIT researchers highlighted several flaws in the latter, noting that it employs its own messaging protocol, called "MTProto", which lacks scrutiny from outside cryptographers.
Then, its server can also be hacked
Along with this, the researchers claimed the Russian messaging service follows the old cloud-based approach for data storage.
"This means that if an adversary is able to gain control of their server system, they will have access to (at least) unencrypted messages and definitely to all the metadata," MIT researchers Hayk Saribekyan and Akaki Margvelashvili said while detailing the risk of such a system.
Server attack could compromise social information
As Telegram uploads contact list from user devices and stores the same on their servers, a server attack could easily compromise that information, putting a "huge social network information" at risk.
Even Telegram's secret chat data can be mined
Adding more to the concerns, the researchers claimed that Telegram's 'secret chat' security ecosystem can be compromised to steal data.
"Adversaries can learn when users go online or offline with down-to-the-second accuracy," they said, adding that "Telegram does not require agreement from both parties to set up the communication between them," which essentially allows the attacker to connect and mine meta-data covertly.
Plus, they also lack WhatsApp-like damage control
Many experts also argue that apps like Telegram and Signal might not be as swift as WhatsApp in taking damage control steps.
They say WhatsApp patched the spyware bug, informed affected users, and began legal proceedings against the malware's developers, but other apps may just stop at the first step (owing to the lack of resources), which may not ensure full transparency.