Telegram, a popular consumer-grade encrypted messaging app being used by employees for business purposes, has become a major topic lately due to the risks it poses to data protection, security, and administration of governments and private organizations.
Launched in 2013, Telegram is a free instant-messaging app which lets people exchange different types of content over an encrypted network. With more than 200 million users worldwide, the company has established itself as the world’s ninth most popular messaging app, though it is also thought to have attracted criminal and terrorist users as well.
However, despite its popularity, the app is also facing intense pressure from different regulatory bodies due to its policies and decisions which renders the app non-compliant with many archiving requirements. we detail in the following infographic some critical facts about Telegram and the potential danger it poses to any public and private organizations using it today.
Telegram: Facing Strong Scrutiny from Governments
Russia
In Russia, telecoms watchdog Roskomnadzor has recently asked a Moscow court to ban Telegram after it failed to hand over the encryption keys to Russia’s Federal Security Service (FSB) last April 4. Telegram was ordered to comply with a 2016 law that requires messaging services to provide the FSB with the ability to decrypt messages. Telegram argued that this was unconstitutional and refused. The FSB disagreed, suggesting that as collecting data would still require a court order, holding encryption keys did not violate the constitution.
Iran
Telegram is also facing the extreme scrutiny of its censorship policies from the Iranian Government. In fact, Iranian officials are now openly discussing banning Telegram in the country. This is after Telegram refused a request to move its servers to the Islamic Republic, which according to officials, would make Iranian users’ personal data and communications vulnerable to spying by state agencies. Other reasons cited for nationwide blocking of the app includes “The app was used to encourage rioting during the country’s recent protests…” and that “…it enables foreign powers to foment dissent.”
Why Using Telegram in Workplace Can Be Dangerous?
A report from Gizmodo sheds further light on why businesses and public agencies should avoid deploying Telegram in their workplace. According to them, Telegram is riddled with wide-ranging security flaws and “doesn’t live up to its proclamations as a safe and secure messaging application.” Citing many leading security experts, the report states:
- Telegram does not encrypt chats by default a critical feature that FBI has long been advocating. Christopher Soghian, Principal Technologist and Senior Policy Analyst at the American Liberties Union, told Gizmodo, “There are many Telegram users who think they are communicating in an encrypted way when they are not because they do not realize that they have to turn on an additional setting.”
- Telegram employs its own encryption which according to them, “is widely considered to be a fatal flaw when developing encrypted messaging apps.” According to Alan Woodward, a professor at the University of Surrey, “They (Telegram) use MTproto protocol which is effectively homegrown, and I have seen no proper proofs of its security.”
- Telegram leaks metadata like no other else could – Woodward also criticized Telegram after he discovered that an attacker could figure out when a user was online and offline, which could help determine whom the user is talking to and when they use the app.
What About Other Consumer-Grade Messaging Apps?
As mentioned in our previous post, companies should be careful when using consumer-grade messaging apps in their business such as WhatsApp, WeChat, and Signal. The problem with using these apps for work-related communications is that, even on company phones, most messaging apps are encrypted, and some have even more safety measures, such as deleting any trace of the message after a predetermined amount of time, barring phones from taking screenshots of messages, and otherwise circumventing many of the monitoring safeguards these industries have in place.
With significant fines at stake and the plethora of messaging apps at their employees’ fingertips, it is imperative for companies and public agencies to tighten their network and adopt secure enterprise-grade messaging apps such as TeleMessage that can capture and record text messages securely before they go encrypted.
TeleMessage’s Secure Enterprise Messaging platform is a messaging app dedicated for companies that want to take advantage the flexibility and efficiency of business text messaging without violating the data protection and message archiving requirements of FINRA, SEC, MiFID II, NARA, HIPAA, GDPR, SOX, and more.
To learn more about our enterprise messaging platforms, visit our website today at www.telemessage.com
