Signal, Telegram or WhatsApp: Which Encrypted Messaging App Should You Choose

Key points:

• Only collects your phone number
• Numerous on-device privacy features
• Funded by the nonprofit Signal Foundation
• Open-source software

Publications such as The Guardian, The Wall Street Journal and The Washington Post recommend Signal as a means to securely get in touch with their reporters. And for good reason. It encrypts all of your communications -- calls, chats, group messages -- and it uses Forward Secrecy to encrypt each message with a different key rather than a static key. That means even if someone got a hold of an encrypted message and figured out the key to decrypt that one message, they would have to figure out a new key to read a second message. 

Signal collects the least amount of data on you compared to the other messaging apps on this list -- and likely most apps. This app only collects your phone number. Nothing else. Signal does have access to the date your account was created and the last time you connected to its servers but that information is connected to your phone number. You can provide more information to the app if you want, but it's not required to have an account. 

Government agencies have subpoenaed Signal in the past for user information. While other apps might be able to provide certain user information for these requests that hasn't been possible for Signal. The app has only been able to provide an account's creation date and last time it connected to the app's servers -- which isn't a whole lot of data to work from.

Because Signal can't access your data, that means it can't sell, rent or monetize your data like other apps. Instead, Signal is funded through the nonprofit Signal Foundation. According to ProPublica, the majority of the foundation's funding in 2023 -- the most recent available data -- came from contributions and grants, totaling about $22.7 million that year. Reuters reported in 2022 that Twitter co-founder Jack Dorsey announced he would donate $1 million a year to Signal, so major donors do contribute to the nonprofit. 

Signal also has on-device protections that allow you to take privacy into your own hands. You can set the app to delete messages after a set amount of time, say, 30 seconds, and relay your calls through a Signal server to avoid revealing your IP address to your contact. And if you can't connect to Signal on your Wi-Fi or mobile data in your area or country for whatever reason, the app makes it easy to use a proxy address to use the service.

Signal is also open-source, which is unique on this list. That means anyone can look at and inspect the code used to make Signal work and ensure the app is doing what it's supposed to. This is huge since Signal makes some lofty promises with what data it does and doesn't collect and how private it is. But this ensures Signal is being truthful with its promises and lets people call out the app if it steps out of line. 

With all those considerations in place, Signal is the clear choice for texting and chatting privately and securely on your phone. 

You can download Signal from Apple's App Store or the Google Play store for free.

Key points:

• A cross between a messaging app and a messaging board
• May collect your data
• Only secret chats are end-to-end encrypted

• Offers paid tier for more features

Telegram doesn't offer as robust privacy features as Signal, but it does have a few features that might make the app appealing to some folks.

Telegram is a cloud-based messaging service, and it stores data it needs to function. Telegram also writes that it collects and stores some of your metadata, like IP addresses. The company changed its privacy policy in 2024 to say it will share some of your data with law enforcement if requested. 

"We've made it clear that the IP addresses and phone numbers of those who violate our rules can be disclosed to relevant authorities in response to valid legal requests," Pavel Durov, Telegram's CEO, posted in September. 

With that change in place, Telegram fulfilled 900 requests for information from US authorities in 2024, impacting 2,253 people, according to Telegram's own in-app transparency report.

If Telegram potentially handing your data over to law enforcement wasn't concerning, the company has suffered data breaches over the years that have put that information in others' hands. In 2020, for example, about 42 million Iranian Telegram users had their data leaked online. In 2019, a bug in Telegram was exploited by Chinese agencies to expose the identities of protestors in Hong Kong.

If you're still interested in Telegram, a key difference between it and other messaging apps like Signal is it can act as a messaging board for large groups, similar to Discord. It offers public channels that disseminate news about video games, news, sports and more. In the @entertainment channel, for example, you can find trailers and posters for new movies and television shows.

However, public channels like that aren't end-to-end encrypted. Telegram writes that everything posted in public channels and public groups is encrypted in transit to its servers and in storage, but those public channels are accessible to everyone on Telegram, no encryption key required. So if you're a channel owner or administrator, your posts in that channel are like a public record. 

Telegram's secret chats offer end-to-end encryption, but there is a caveat. Those chats are restricted to devices of origin, better known as your phone. 

"This way you can always be sure that they are safe for as long as your phone is safe in your pocket," Telegram writes.

However, this also means you can't use secret chats on the desktop or browser versions of Telegram. So those chats can be intercepted and read by someone who isn't the intended recipient.

Telegram does offer automatic message deletion, but the smallest interval you can choose is one day, unlike Signal where you can set messages to delete after minutes or even seconds. Telegram also offers an interesting self-destruct feature that will delete your account, messages and contacts after a certain amount of inactive time -- between one and 24 months.

Telegram's client apps are open-source, like Signal, and CNET Senior Editor Moe Long said open-source apps can provide transparency and let people inspect code for vulnerabilities. However, Durov posted in 2021 that the server codes aren't open source. 

"You don't even need the server-side code to check the integrity of Secret Chats -- they are solid regardless of how the servers function (that's the whole point)," he wrote. Telegram's privacy policy also states that the company's cloud servers are encrypted and "the encryption keys in each case are stored in several other data centers in different jurisdictions," meaning that employees at any one data center don't have the info to encrypt the data there.

It's not uncommon to have closed-source server code to protect intellectual property, security or other means. However, you're still placing your trust in the company to protect whatever data is on those servers. A third-party audit could help bolster that trust by confirming that the data centers work as intended, even if audits can only capture that info for a snapshot in time.

Long said that Telegram's end-to-end encryption somewhat mitigates Telegram's closed-source server code since messages remain secure until they are decrypted on a recipient's device. But that might not fully protect your data.

"Even with end-to-end encryption, some metadata could be collected," Long said. 

While Telegram is free, it offers a paid tier ($5 a month or $36 a year) for access to more features. Some of these features include unlimited cloud storage, animated emoji and no ads in public Telegram channels -- yes, there are ads in public channels with more than 1,000 subscribers on Telegram. 

Telegram's selective encrypted messaging but larger scale chats make it a good alternative for services like Discord -- which only offers end-to-end encryption for audio and video calls. However, some of your data is still being collected when not using secret chats, so be cautious.

You can download Telegram from Apple's App Store or the Google Play store for free.

Key points:

• Most widely used messaging app
• Uses the same encryption protocol as Signal
• Collects heaps of your data
• Free, but owned and operated by Meta

WhatsApp is the most popular private messaging app on this list, with about 2 billion monthly users, according to Exploding Topics. Because it's so popular, there's a higher chance that other people you might be chatting with have WhatsApp, and therefore your chats can be encrypted. And if the person you're chatting with doesn't have WhatsApp -- or any of the other messaging apps on this list -- then your messages might not be encrypted. 

WhatsApp uses Signal's encryption protocol, so your chats and calls are just as end-to-end encrypted as those on Signal. But the main distinction between Signal and WhatsApp is that the latter collects loads more user data, even compared to Telegram. 

According to WhatsApp, it automatically collects information like your usage and log information, device and connection information, location information and cookies from you when you use the app. And other people on the app can provide WhatsApp with information about you, too.

"When other users you know use our Services, they may provide your phone number, name, and other information (like information from their mobile address book) just as you may provide theirs," WhatsApp writes in its privacy policy.

That means even if you don't use the app much and only use it to chat with a friend or relative overseas every few months, your data can still end up in WhatsApp's hands via your friend or relative.

I guess the fact that the app collects so much data on you shouldn't be a surprise, considering the app is owned by Meta. The Federal Trade Commission filed a report in 2024 that said Meta and other companies collect and retain "troves of data, including information from data brokers and about both users and nonusers of their platforms."

"These surveillance practices can endanger people's privacy, threaten their freedoms and expose them to a host of harms, from identity theft to stalking," then-FTC Chair Lina Khan wrote. 

Some people have expressed concerns about WhatsApp's data security. In 2024, The Intercept reported that governments may be able to take advantage of the limitations of secure messaging apps by performing traffic analysis -- but this is a limitation of many messaging apps, not a vulnerability of WhatsApp specifically. In 2023, CyberNews reported that the phone numbers of close to 500 million WhatsApp users had been leaked. However, the Check Point Research team could not prove the numbers are from WhatsApp users.

"WhatsApp has no backdoors and we have no evidence of vulnerabilities in how WhatsApp works," a WhatsApp spokesperson told CNET in an email. "We have a proven track record addressing issues we identify and have worked to hold bad actors accountable. We have the best engineers in the world proactively looking to further harden our systems against any future threats and we will continue to do so." The spokesperson also said WhatsApp doesn't keep logs of who people message or call.

Again, there is no such thing as a perfectly secure app, but those are some alarming stories paired with how much data WhatsApp could collect on you. So while your messages might be secure and unreadable to anyone besides their intended recipient, the data WhatsApp collects on you is a veritable treasure trove of information others are out to get. 

Despite the data collection, WhatsApp is still the world's most popular encrypted messaging app. So, if the person you want to talk to has WhatsApp and an unsecured message app, you should try to convince them to use Signal. 

You can download WhatsApp from Apple's App Store or the Google Play store for free.