Back to Home

Telegram marks unofficial Android clients

Telegram started marking accounts of users of unofficial clients with a risk warning. Analysis shows MITM in Telega, data leaks in Graph Messenger and iMe. Open Monogram client on Kotlin and Jetpack Compose offers a safe alternative.

Telegram marks for unofficial clients: risks and alternatives
Advertisement 728x90

Telegram Introduces Labeling for Users of Unofficial Android Clients

Telegram has introduced an indicator for accounts using unofficial clients. A warning appears next to the username: "This user is using an unofficial Telegram client, which may reduce chat security." This applies to third-party apps, especially for Android, where serious vulnerabilities have been identified.

The move is tied to growing risks in alternative clients. On March 20, 2026, an anonymous article surfaced about a MITM attack in the Telega client. Analysis revealed activation of a hidden feature on March 18: all MTProto traffic is redirected through proxy servers run by developers in Russia.

Security Analysis of Alternative Clients

Experts from RKS Global tested eight popular unofficial Telegram clients for Android. The results confirm systemic issues:

Google AdInline article slot
  • Telegram Official — baseline reference with no leaks.
  • Telegram X — optimized version from Telegram.
  • Plus Messenger — includes Firebase Analytics and 1 ad SDK.
  • Nekogram — does not disable Firebase.
  • Graph Messenger — 6 SDKs, traffic to Russia, Firebase.
  • Telega — swaps servers for Russian proxies, MyTracker, OK.ru.
  • iMe — 15+ SDKs, traffic to Russia, Firebase, ad.mail.ru.
  • F-Droid (Forkgram, Mercurygram) — forks with potential risks.

Key threats:

  • Three clients (Telega, Graph Messenger, iMe) route data through Russian servers.
  • Firebase Analytics is active in Plus Messenger, Graph Messenger, iMe; Nekogram doesn't block it. The official client deactivates it.
  • Ad SDKs increase risks: Graph Messenger (6), iMe (15+), Plus Messenger (1). Traces of VK Group in Telega and iMe.
  • Telega leads in vulnerabilities: full MITM traffic interception.

These findings are based on static and dynamic APK analysis, network traffic, and decompilation.

New Open-Source Client Monogram

In March 2026, Monogram appeared on GitHub — an unofficial Android client. Built with Kotlin and Jetpack Compose for declarative UI and Material Design 3. Uses the official TDLib for the protocol.

Google AdInline article slot

GPLv3 license ensures openness. The authors emphasize it's in active development: expect updates, refactoring, and bugs. Goal — native experience without security compromises.

Monogram avoids common pitfalls: no third-party analytics, proxies, or SDKs. Traffic goes straight to Telegram servers.

Key Takeaways

  • Telegram labels unofficial clients with a security warning.
  • Telega implements MITM: all MTProto traffic via Russian proxies since March 18, 2026.
  • 3 out of 8 clients send data to Russia; Firebase and ad SDKs in most.
  • Monogram — open Kotlin/Jetpack Compose client on TDLib, GPLv3, in development.
  • For mid/senior devs: check APKs for proxies, analytics, and SDKs before installing.

— Editorial Team

Google AdInline article slot
Advertisement 728x90

Read Next