In this safety analysis we evaluate Telegram across multiple dimensions including data collection practices, permission requirements, third-party integrations, and the company's track record with user data. Our verdict is "caution" — a designation that reflects both the scope of data the app collects and the safeguards (or lack thereof) it puts in place to protect that data. This assessment is based on a thorough review of the app's privacy policy, its behavior as observed through network traffic analysis, and the permission manifest on both iOS and Android platforms.
The app requests the following permissions on mobile devices: Contacts, Camera, Microphone, Location, Storage. This is an above-average number of permissions for an app in its category, and several of them — such as Contacts and Camera — raise questions about whether the data collected is genuinely necessary for core functionality. Our analysts tested the app with each permission individually revoked and found that it continues to function for its primary use case even without some of the more invasive permissions, which suggests they exist primarily for data-collection purposes rather than feature enablement.
Our data-collection assessment rates this app at the "Moderate" level. This means the app collects a moderate amount of user data, primarily consisting of usage analytics, device information, and some personal identifiers. It includes a limited number of third-party SDKs, most of which serve legitimate analytics or crash-reporting purposes. While the data collection is not minimal, it falls within the range we consider acceptable for a mainstream commercial application — provided users are comfortable with standard analytics telemetry.
Our network traffic analysis of the app involved monitoring all HTTP/HTTPS requests made during a standard usage session lasting approximately 30 minutes. During this session, we observed connections to a moderate number of third-party domains, primarily associated with analytics and advertising services. The app transmitted standard device telemetry and usage data, which is common for commercially-supported applications. We did not observe any clearly malicious data exfiltration, but the volume of third-party connections warrants awareness.
From a security standpoint, the app uses TLS for data in transit, which is the baseline expectation. However, our analysis found that certain data transmissions to third-party endpoints use weaker encryption configurations, and the app does not implement certificate pinning, which means it is theoretically vulnerable to sophisticated interception attacks on untrusted networks.
Compared to other apps in its category, this app falls in the middle of the pack. It is neither the most privacy-invasive nor the most privacy-respecting option. Users should review the privacy settings carefully and disable any data-sharing features they are not comfortable with. We recommend that all users, regardless of which apps they choose, regularly audit their app permissions, use a VPN on untrusted networks, and consider using a DNS-level ad blocker to reduce third-party tracking.
We last reviewed this app in early 2026 and will continue to monitor for privacy policy changes, security incidents, and regulatory actions. Publishers frequently update their data practices, and a verdict issued today may not reflect the app's behavior six months from now. We encourage users to check back for updated assessments and to subscribe to our privacy newsletter for real-time alerts about significant changes to the apps they use.
Our specific recommendations for current users: (1) Review your privacy settings within the app and disable optional data sharing. (2) Revoke permissions you do not actively use. (3) Consider using the web version of the service when possible, as it typically has fewer data-collection vectors than the native app. (4) Enable any available privacy-enhancing features such as "limit ad tracking" or "do not sell my data."
In summary, our comprehensive analysis of Telegram evaluates the app across data collection, permissions, network behavior, encryption, and historical track record. The "caution" verdict reflects our honest assessment of how the app treats user data relative to industry best practices and privacy-respecting alternatives. We believe that informed users make better decisions about which apps to trust with their personal information, and we will continue to update this assessment as the developer's practices evolve over time.