Cybersecurity expert Zak Doffman says that Telegram and Signal promise more privacy than traditional messaging platforms, like Facebook’s Messenger. However, there are still some settings to improve on the level of protection. Doffman has outlined the best tips below.
Like a number of the most popular chat apps, including WhatsApp and Signal, signing up to Telegram for the first time requires users to enter their phone number. After this, a confirmation code is sent to the number of ensure that you’ve provided a real number – and that you have access to it. However, this method does leave the chat app open to attack.
Hackers have gained access to accounts by pretending to have entered the wrong number (namely, yours) and asking you to forward the six-digit verification code to set-up an account. Since the hackers have usually taken over a friend or family members’ account, you’re more likely to forward the all-important data. But doing so allows hackers to take control of your account on their phone – allowing them to message all of your contacts, read messages, save images and videos from your conversations and group chats.
Any messaging app that uses a mobile number to confirm its users’ identity is vulnerable to this attack, security expert Doffman warns, and none of these WhatsApp alternatives have managed to solve this issue.
If you’ve successfully set-up an account without any issues with the all-important verification process, Doffman still cautions users to dive into the Settings menu to change a few options.
- Activate “two-step verification” on your account by heading to Settings > Privacy And Security and then add a password. And voilà!
- Dive back into the Privacy And Security section and select the option that only contacts can communicate with you – no one else. While you’re there, Doffman also suggests limiting who can see your Telegram profile, your status (online, or offline) as well as when you were last connected to the app. In this Settings menu, you can also choose who is able to add you to groups.
- Add a Lock Code. This prevents anyone with your phone from loading up the chat app and snooping through your conversations with a separate PIN to unlock Telegram.
- You’ll also want to use Secret Chats. This feature ensures your chats are end-to-end encrypted, which means nobody (including the teams at Telegram) can snoop on your messages, images or documents. To start a Secret Chat, head to the normal conversation with your contact, tap on the three-dots on Android or “More” button on iOS, and then select Start Secret Chat.
- Activate Self-Destruction. Another attractive option not available in WhatsApp, this adds the option of destroying all messages shortly after they’ve been viewed – so nobody can review your chat history.
Not only is Signal end-to-end encrypted by default, like WhatsApp by the way, but its code is open-source. While that might sound worrying, it’s actually an asset. After all, this means anyone is able to scrutinise the practices used by Signal and can make suggestions. Unlike WhatsApp, where users have to trust that Facebook is true to its word (and hasn’t made any honest mistakes), privacy experts are able to check Signal’s code for themselves, suggest improvements, and then check back to see whether the company has made the promised tweaks. As a result, the open-source nature of Signal means it’s one of the most trusted, secure messaging apps on the planet. Whistleblower Edward Snowden has previously revealed that he uses the app, as well as Twitter creator Jack Dorsey.
- Activate Registry Lock. This feature is designed to stop anyone accessing your conversation history in the rare case that your Signal account is stolen or hijacked – and it’s well worth activating as insurance
- Turn on Screen Lock. Like the Lock Code in Telegram, this is designed to stop anyone with your smartphone in their hands from being able to jump into your chats. Signal lets you set a passcode or use biometrics, like Face ID
- Switch off Previews, security expert Doffman cautions. This prevents incoming messages from appearing on the lockscreen of your iPhone or Android, where they can be spied by people nearby
- Disable screenshots outside of the app
- Finally, if you’re on Android, make Signal your default SMS messaging app. This means any messages sent in future will default to this app, which Doffman says is much more secure than the conventional one preinstalled on your handset