/Why iOS.md Secret

Created March 5, 2017 19:47

Your phone needs to be secure. Governments take advantage of phones to recover phone numbers, voice mails, emails, notes, texts --- anything sensitive that's ever passed through a phone. They'll even use phones to impersonate reporters and activists to their sources.

When a secure phone is locked, it won't give up any of its data. But even a secure phone won't protect you if it's unlocked!

iPhones are the safest phones, safer today than Android.

There are a lot of reasons for this, but the simplest and most important is that only one company (Apple) makes iPhones, while many different companies (Samsung, Google) cooperate to make Android phones. That makes securing an iPhone an easier technical problem.

You can make an Android phone secure, but it takes some technical savvy to pick the right phone model and to know how to lock it down. Meanwhile, any recent Apple phone can be made safe without much effort. If you're not sure whether you're savvy enough, you should use an iPhone.

That may be all you need to know. But if you'd like to know more about why you should use iPhones, here are some additional details.

iPhones are more likely to have software updates applied: All phones run software. All software has bugs. Security flaws come from bugs. So it's important that your phone be updated regularly, to get the latest bug fixes. iPhones can update themselves automatically, and Apple updates even relatively old iPhones. Android phones are updated less frequently, and some Android vendors barely publish updates at all.

iPhones have better encryption: Modern phones are encrypted, so you can't get data off them when they're locked. The iPhone was designed for cryptography, and Apple controls both the hardware and software for the iPhone, so it has special hardware support for crypto (like the "secure enclave").

iPhones are locked down: Android is an open platform. The iPhone is closed: it only runs software approved by Apple. Openness is a good thing, but it makes security harder, by increasing the number of bad things that apps you download can do (or be tricked into doing).

The security advantage of a closed platform phone is eliminated if the phone is "jailbroken", which people sometimes do to install software vendors don't approve of. Both Android phones and iPhones can be jailbroken, but Androids are far more likely to be jailbroken than iPhones. Either way: don't jailbreak your phone.

No matter what phone you use, you need to follow some basic safety rules to protect your data and the data of the people you talk to.

  1. Set a long passcode on your phone, or, even better, a passphrase. If someone can guess your passcode, all bets are off. With a decent passphrase, even governments may not be able to open your phone without your help.

  2. Use secure messaging software. Text messages are insecure even if you use a secure phone to send them. The best secure messaging software is called Signal, and it's free to use. If you can't use Signal, you can get some security from WhatsApp and Facebook's Messenger, which license Signal's technology. Don't rely on the built-in messaging application, or on email.

  3. Be careful about cloud backups. Surprising though it may seem, if you're using an iPhone, there is probably no computer in the world that is safer for your data than your phone. "Cloud" is computer jargon for "other people's computers". Consider backing things up only to a computer you own. If you do this, make sure you encrypt your backups: for iPhones, that's a check box you may have to click in iTunes.

raggi commented Mar 6, 2017

Right, it's not broken yet, but their choices are inherently sketchy. IGE and SHA-1 are risky choices. Yes, they've designed around the current known problems but that doesn't mean they are the only problems that will ever arise with these battered algorithms, nor does it mean there are any fewer surprises coming for these algorithms (see sha1 recent announcements for example). If I was to hazard a guess where telegram will first be broken in the current scheme it would be the sha1 of the plaintext that it relies on. At this point telling someone that sha1'd plaintext is OK shouldn't be something you can do with a straight face.

EGreg commented Mar 14, 2017

Why not just switch the sha1 to sha256 etc?

What exactly is weak about Telegram and why do security researchers always seem to have a "my way or the highway" approach, even if people don't roll their own crypto?

karelbilek commented May 2, 2017

Are there any actually secure Android devices? What about phones like Google Nexus/Google Pixel? Don't they have something like iPhone's Secure Enclave?

wrl commented May 2, 2017

Talking about Telegram's encryption just going off of the MTProto documentation is missing the point. The secret chats are opt-in rather than on by default, they can only occur between users (i.e. no support for group chats), and, as they are currently implemented, also are single-device and thus not shared with a user's other Telegram clients.

However, Telegram stores the plaintext history of non-secret chats indefinitely. They say that they delete message history when it becomes unreachable due to all members of a chat clearing their history, but we can only take them at their word, and the fact they even have the plaintext messages available to store is bad enough in the first place.

Other messengers (Signal, Wire, and Riot to name a few for which the source is available freely) all employ end-to-end encryption in such a way that the server never sees plaintext at all, it just shuttles around encrypted messages to their recipients. On top of that, they not only support fully end-to-end encrypted group chats, but in Signal and Wire's case, the encryption is always-on. Wire and Riot even support end-to-end encrypted history sharing between devices.

So, even if we assume that MTProto is secure and will never be broken (despite its lack of sophistication relative to the double ratchet that Signal, Wire, and Riot all use), relative to the entire Telegram userbase, nobody is using secret chats. It breaks Telegram's UX: there's no history sharing between devices, and you can't have secret group chats. Telegram has your plaintext. That's why people recommend against it.

mihailik commented May 3, 2017

Wasn't Telegram linked to Russia?