Back to Home

Risks of Telegram Android Clients: Analytics and Proxies

Study of 8 Alternative Telegram Clients for Android Revealed Risks of Data Leaks to Russia, Firebase Analytics and Advertising SDKs. Telega Spoofs Proxy Servers in Kazan. Trojan Discovered Under Telegram X.

Data Leaks in Telegram Forks: Telega and Trojans
Advertisement 728x90

# Security of Alternative Telegram Clients for Android: Analytics and Proxy Risks

Experts tested eight popular alternative Telegram clients for Android. All of them are potentially unsafe due to data leaks, analytics, and protocol modifications. The official Telegram client minimizes trackers, but forks often add SDKs for ads and metadata collection.

The tested apps include the official Telegram, Telegram X, Plus Messenger, Nekogram, Graph Messenger, Telega, iMe, and F-Droid clients (Forkgram, Mercurygram). Key issues: data transmission to Russian servers, Firebase Analytics, and ad SDKs.

Data Transmission to Russia

Three clients—Telega, Graph Messenger, and iMe—send data to servers in Russia. This creates risks of access by law enforcement under local laws. Telega is the most critical: the app secretly replaces Telegram servers with its own in Kazan. All MTProto traffic is routed through Russian proxies, confirmed by HTTPS decryption and pcap analysis.

Google AdInline article slot

This MITM approach allows intercepting messages, metadata, and sessions without user notification. Other clients with Russian ties:

  • Telega: MyTracker, OK.ru (VK Group);
  • iMe: ad.mail.ru (VK Group).

Firebase Analytics and Ad SDKs

Firebase Analytics is active in three clients explicitly (Plus Messenger, Graph Messenger, iMe) and in Nekogram (not disabled). The official Telegram deactivates it, but alternatives restore Google's data collection: app usage, contacts, chat behavior.

The number of ad SDKs correlates with risks:

Google AdInline article slot
  • Graph Messenger: 6 SDKs;
  • iMe: 15+ SDKs;
  • Plus Messenger: 1 SDK.

These mechanisms collect telemetry sent to third parties. The official client and Telegram X show a clean profile with minimal permissions.

Trojanized Fakes

A trojan disguised as Telegram X was discovered. This isn't a fork but full-fledged spyware of Chinese origin. Trojan features:

  • Stealing Telegram sessions;
  • Auto-joining channels;
  • Intercepting and replacing messages;
  • Account takeover.

Telegram X by developer Viacheslav Krylov rates highly: fewer trackers than the official client. Installing from unverified sources amplifies threats.

Google AdInline article slot

Key Takeaways

  • Telega replaces MTProto servers with Russian proxies—confirmed by traffic;
  • Firebase Analytics in 4/8 clients sends data to Google;
  • Ad SDKs (up to 15+) in iMe and Graph Messenger increase leaks;
  • Trojan masquerading as Telegram X steals sessions and takes over accounts;
  • Official client and Telegram X are the safest.

Recommendations for Developers and Users

Fork developers should publish source code and audits. Users: check permissions, analyze traffic with Wireshark or mitmproxy. Avoid APKs from third-party sources. For mid/senior levels: monitor network traffic of alternative clients using tcpdump and ssldump for MTProto.

— Editorial Team

Advertisement 728x90

Read Next