I had the pleasure and honor to stay at @modprobes mansion in Acapulco and to learn indepth knowledge of Crypto's. I am truely grateful for his hospitality and friendship.
@Modprobe opinions are based on thorough and thoughtful, if not professional grade, reviews of the software and security in question, based on a background of formal training in cryptography and cryptographic software protocol design, reverse engineering, analysis, and exploitation at Rensselaer Polytechnic Institute, thanks to which he is able to understand and participate in technical security reviews.
Here is a extract from the above link about secure-messaging-apps ;
"Extreme Dishonorable Mention goes to Telegram (https://telegram.org), which I want to highlight specifically as an app which, in my opinion, is not secure at all."
@modprobe goes on to say;
"Telegram is marketed, quite emphatically ("Telegram is more secure than mass market messengers like WhatsApp" is a direct quote from their FAQ page), as a secure messaging app; however, since shortly after its publication, Moxie Marlinspike (a well-known and respected hacker, co-author of the Double Ratchet protocol that powers Signal and others) pointed out irregularities in the protocol which render its security claims suspicious.
One would expect a reasonable team acting in good faith to re-evaluate their protocol's security, and perhaps enlist a respected security firm to review their designs, after such a cold reception by the cryptography community. Instead, Telegram doubled down and launched an open challenge to break Telegram's security. This would seem to indicate their confidence in the security of their protocol, and put the ball in the court of those claiming it is flawed. Instead, Marlinspike pointed out that this challenge was designed in such a way that it can't be won, no matter how bad the crypto is. He even provided an example of a trivially breakable crypto protocol, and pointed out that even that protocol can't be broken according to the rules of the challenge.
This conversation is fairly old at this point, but Telegram continues to persist and market itself as a secure messaging app. There are plenty of unsubstantiated claims in the wild that Telegram is secure, but I've never seen one with any substantiation based on the underlying cryptography. There are, however, plenty of articles on how it's not secure, from respected sources that provide substantial evidence for their claims. And there are now at least two papers formally presenting actual attacks on Telegram's protocol: 1, 2 (I have not reviewed these papers in detail; I see no reason to spend the time on it).
So why so much hate for Telegram? Because they still actively market their app as secure, and at this point, I can only assume that claim is an intentional lie. I try to give people the benefit of the doubt, and apply Hanlon's Razor ("Never attribute to malice that which is adequately explained by stupidity"), but at some point I have to ask myself: can I really believe they're that stupid? Or, are they trying to deceive people? I honestly cannot imagine that someone can be that stupid; I think anyone acting in good faith would have questioned themselves by this point, and in this case, once the question is honestly asked, the answer is honestly obvious. So while I have no positive proof that they are intentionally lying, all signs seem to point that way. Please tell me, dear reader, am I being unreasonable?
So to wrap things up, let me emphasize that this is a complex issue, and it's one that I do not take lightly. I have a great deal of experience that I believe qualifies me to opine on what is and is not a secure messaging app, but I do so with hesitation because even for me, it's a lot of work to form a quality opinion. It is for that reason that I don't have an opinion on every messaging app out there. I have found a couple of apps that I do trust for my day-to-day messaging, and I'm always on the lookout for more, but at the end of the day, this is a game of one-upping that we'll be playing forever, because that's how security works.
I recommend Wire and Signal, and possibly Keybase. I strongly warn all to actively distrust Telegram. These opinions are based on thorough and thoughtful, if not professional grade, reviews of the software and security in question, based on a background of formal training in cryptography and cryptographic software protocol design, reverse engineering, analysis, and exploitation at Rensselaer Polytechnic Institute, thanks to which I am able to understand and participate in technical security reviews.
My opinions are my own, and they are only intended to be good enough to satisfy me, which is a highly subjective standard. They are provided in the hopes that they are useful, but I make no promises that they are valid. If they aren't, please let me know. :)"
Here is the entire post it was extracted from to learn more; https://steemit.com/security/@modprobe/let-s-talk-about-secure-messaging-apps