Signal, WhatsApp, Telegram – which can you really trust?

Valkyrie was recently approached by a client using WhatsApp for work-related discussions who was concerned about how secure it really is. His concerns followed recent coverage of the UK’s Online Safety Bill and its implications for end-to-end encryption (“E2EE”)—alongside headlines about US officials using Signal during classified decision-making linked to the Yemen conflict. His question was simple but important: should I be using something else?

It’s not an isolated concern. From private negotiations to executive strategy, encrypted messaging apps have become essential—but with that reliance comes confusion and misplaced trust. Gurpreet Thathy, Valkyrie’s Director of Electronic Counter Measures and Cyber Security, regularly advises clients on this issue. Many assume that end-to-end encryption guarantees full security—but in reality, the app is only part of the equation. Device security and user behaviour are just as important.

End-to-End encryption isn’t the full story: Apps like Signal, WhatsApp, and Telegram all offer some level of E2EE, but the differences matter. Signal is widely viewed as the most secure—open-source, minimal metadata, and run by a non-profit. WhatsApp uses Signal’s protocol but is owned by Meta, which collects some metadata (e.g., contacts, usage) and has faced criticism over data-sharing practices. Telegram does not use E2EE by default—only one-to-one “secret chats” are fully encrypted, while group chats and standard messages are stored on its servers.

Device Security is the weakest link: Encryption protects messages in transit—not your device. If your phone is compromised via malware, spyware, or poor backup practices, even the most secure app can be bypassed. At Valkyrie, we’ve seen cases where the breach came not from the app itself, but a compromised handset or recovery flaw. Two-factor authentication (2FA), encrypted backups, and regular updates are essential—but often overlooked.

Helpful features—with limitations: Many messaging apps offer disappearing messages, encrypted backups, and screen locks. These features support privacy but aren’t foolproof. Screenshots can still be taken, content forwarded, and group chats compromised by a single unvetted participant. Even Signal can’t stop recipients from sharing content outside the platform.

Practical advice: Don’t rely solely on an app’s encryption. Consider who owns the platform, what metadata is collected, and where messages are stored. Think carefully about what you’re sharing—and who might access it now or in future.

At Valkyrie, we advise individuals, families, and organisations on secure communication strategies tailored to their threat profile. Choosing the right app is important—but mindset, discretion, and good digital habits remain your strongest defences. Digital security isn’t just technical—it’s tactical.

Valkyrie Updates

News

Stay informed with the latest insights, expertise and innovations in the world of security with Valkyrie’s news, reports and white papers

ALL NEWS

April 25, 2025

Who’s Listening – and Where? Modern Eavesdropping and the Silent Threat You Might Be Ignoring

Reporting in the media, reportedly from security sources, suggests Chinese intelligence operatives have been placing covert surveillance devices in parks, pubs, and hotels across Westminster. Alleged targets include benches in St James’s Park, political pubs like The Red Lion, and luxury hotels frequented by MPs, advisers, and civil servants. The aim is simple but potent: […]

April 10, 2025

The Modern Security Landscape – When Cyber and Physical Threats Collide

Valkyrie features in the April edition of Life magazine (London editions), page 342, with our latest article: ‘The Modern Security Landscape – When Cyber and Physical Threats Collide’. Today’s intruders don’t need to break in—they can log in. Security today isn’t about locked doors and alarm codes alone. Increasingly, criminals bypass the physical altogether—exploiting digital […]