Telegram is known as a privacy-focused secure messaging app because it markets itself that way. However, it is often criticized by security experts, privacy advocates, and people with common sense who can understand why its claims about being privacy-friendly don't make sense. In this brief article, I'll show you all
As long as the keys are handled via a closed source app and server system, e2ee is potentially broken.
Even if you generated the key, keep the private part locally and submitted only the public part to your communication partner, you can never be sure that the intransparent app does keep your private key private.
With WhatsApp I’m quite sure that they somehow can retrieve the private key. Certain events point to that. But I see no reason to consider signal or telegram any more trustworthy - they are all prone to governmental influence.
And as open source and closed app infrastructure are incompatible, I would not handle anything important on an Android or Apple device.
Why would you not trust Signal?
You don’t have to trust their server infrastructure, because the end to end encryption has been verified by countless experts (and all their client side code can be looked at by anyone).
to be fair there is no way to verify the google play distributed app has been built from the published source code. there are also people arguing that the closed source google components built into it could work as a backdoor
You can build the app from source code though. Couldn’t you compare that to the Google Build?
Also, you could use a fork like Molly, they removed all proprietary binary blobs and replaced them with FOSS alternatives. And it’s still fully compatible with Signal
only if the app is built reproducibly. I suspect the google libraries are likely minified/obfuscated by default though.
I do, but that’s only so much when the point of the app is communicating with other people
What events point there?
There were several (ex) Meta employees stating they could read any message if they wanted to.
Source for this
A number of WhatsApp conversations unexpectedly appearing in courts.
You can easily access any undeleted convo in any app if you achieve device access. I would like to read more about this to understand it more and because your reply is still a little unprecise, do you have links to examples?
This was not about device access, that’s why I considered interesting. No, I don’t have links to everything I have read in my life… IIRC it was in a discussion on Reddit, which I don’t frequent anymore.
I’ve no proof of this, but technically the whatsapp app is closed source so they could push an update that collects the private keys, if they don’t do this already
One way to prevent this is would be to re-sign the app with your own signing key and delete that key before court, I guess. But those people whose conversations appeared probably just had Google Drive plaintext backups enabled.
I don’t know about WhatsApp, but macOS backups your keys on iCloud by default, so…