WhatsApp (or rather parent company Meta) is on the offensive – a few months ago Mark Zuckerberg claimed that “WhatsApp is far more secure than iMessage”, now another messaging app, Telegram, has been called out by Will Cathcart, the head of WhatsApp at Meta.
Cathcart quoted an article by Wired and his own criticism of Telegram’s end-to-end encryption (E2EE) implementation. It has not been independently verified, says Cathcart, and there are other flaws, e.g. it is not enabled by default and E2EE is not available for group chats (because of the issues it would cause when backing up your data, according to Telegram itself).
Telegram is not end-to-end encrypted by default and offers no e2ee for groups. From the article: “Telegram has the capacity to share nearly any confidential information a government requests”
— Will Cathcart (@wcathcart) February 10, 2023
The Telegram team has its own criticism of WhatsApp. For example, the option to back up chats to Google Drive effectively disables encryption since the backups are not encrypted and government agencies can petition Google for the data instead of WhatsApp.
Of course, both parties have interest in claiming that their service is superior to the other. You can read Cathcart’s Twitter thread for more details on his critique of Telegram. That Wired article is also worth a read, it recounts several instances of Russian authorities seemingly having access to secret Telegram chats. There’s more, Telegram’s flawed location API may have given away users’ locations down to around a radius of 3km/2mi. Telegram reworked the API but may not have actually fixed the issue.