Telegram defaults to unencrypted chats, so your messages are stored in plaintext on their servers. If you don’t want them to read your messages, you have to manually enable Secret Chats — but these don’t work for groups and require users to be online at the same time. A 2017 usability study found that many users thought they were using secure, encrypted chats when they were in fact sending all their messages in plaintext.
Perhaps even more concerning is the fact that group chats in Telegram cannot be end-to-end encrypted. Secret chats are reserved for one-on-one communication. Given that large group chats is often cited as one of the key appeals of Telegram, it’s surprising that this crucial gotcha is rarely mentioned.
In spite of these issues, Telegram continues to market itself as a secure messenger, causing people to think that their communications are private when they aren’t.
When they first launched, Telegram performed the mortal sin of cryptography when they rolled their own encryption scheme, MTProto. They had Maths PhDs create the scheme — but mathematicians are not cryptographers. A theoretical vulnerability in their scheme was discovered in 2016 (see this PDF), though it has since been fixed. When challenged on their encryption, they issued a nonsensical challenge that showed they do not understand cryptography.
We have far better alternatives: Signal, Wire, and WhatsApp all use the well-tested Signal Protocol for encryption. They don’t let users accidentally send plaintext messages. They do vary in terms of metadata protection; Signal does the most in order to prevent storing metadata.