Telegram’s Privacy Policy Reversal: What Pavel Durov’s Arrest Means For Your Data In 2026
Telegram now complies with law enforcement data requests in most jurisdictions — a reversal of the privacy-first posture founder Pavel Durov publicly championed for more than a decade. The shift began in September 2024, after Durov was arrested at Le Bourget airport outside Paris, and was formalized in a series of updates to Telegram’s privacy policy that expanded what user information can be handed over and under what circumstances. If you rely on Telegram on your Android or iPhone, what’s changed matters — and there are specific settings you should check today.
What changed, in plain language
Before September 2024, Telegram’s public position was that it would share user data — specifically IP addresses and phone numbers — only in terrorism cases, and only after a court order from a jurisdiction Telegram recognized. In practice, the company disclosed very little. After Durov’s arrest in France on twelve criminal counts related to activity on the platform, Telegram updated its terms of service and privacy policy to allow disclosure of IP addresses and phone numbers to authorities in response to valid legal requests for a much broader range of crimes, not just terrorism.
Telegram also began publishing expanded transparency reports showing how many requests it received, how many users were affected, and which countries were involved. The numbers went from near-zero disclosures in the first half of 2024 to thousands of affected user accounts per quarter through 2025 and into 2026.
What Telegram can and cannot share
| Data type | Can Telegram share it? | Notes |
|---|---|---|
| Phone number | Yes, with valid legal request | Stored on Telegram’s servers as part of your account |
| IP address | Yes, with valid legal request | Logged when you connect; tied to your account |
| Cloud chat messages (default chats) | Technically possible, policy-dependent | Stored encrypted on Telegram servers; Telegram holds the keys |
| Secret Chat messages | No | End-to-end encrypted device-to-device; Telegram has no keys |
| Group and channel messages | Treated as cloud chats | Not end-to-end encrypted, even in private groups |
| Voice and video call content | No | Calls are end-to-end encrypted by default; metadata may still be logged |
| Profile photo, username, bio | Yes — already effectively public | Visible per your privacy settings |
The critical takeaway: default Telegram chats are not end-to-end encrypted. Only Secret Chats are. That has always been true, but it matters more now that the company’s willingness to cooperate with law enforcement has expanded.
Why Durov was arrested and what happened after
French authorities detained Durov at Le Bourget airport on August 24, 2024, and formally placed him under investigation on twelve counts. The charges centered on Telegram’s alleged failure to moderate content and cooperate with investigators, including cases involving child sexual abuse material, narcotics trafficking, organized fraud, and refusal to disclose encryption information to competent authorities under French law.
Durov was released on €5 million bail on August 28, 2024, and placed under judicial supervision. He was required to remain in France and report to police twice a week. In March 2025, after months of the platform’s public policy shifts and cooperation, the terms of his supervision were eased and he was permitted to leave France, though the underlying investigation remains open. The final legal outcome is still pending as of April 2026.
How to check and tighten your Telegram privacy settings
These steps work on the current version of Telegram for Android and iOS. The menu paths are nearly identical on both platforms — any iOS-specific difference is called out.
1. Use Secret Chats for sensitive conversations
Secret Chats are end-to-end encrypted, device-specific, and cannot be forwarded. Telegram cannot read them and cannot hand them over.
On Android: open the contact, tap the three-dot menu at the top right, choose “Start Secret Chat.”
On iPhone: open the contact’s profile, tap “More,” then “Start Secret Chat.”
Secret Chats exist only on the two devices used to start them. If you switch phones, the chat history does not follow.
2. Lock down phone number visibility
Go to Settings → Privacy and Security → Phone Number. Set “Who can see my phone number” to Nobody, and “Who can find me by my number” to My Contacts. This does not hide your number from Telegram itself, but it stops other users (and scrapers) from pulling it.
3. Enable two-step verification
Under Settings → Privacy and Security → Two-Step Verification, set an additional password. Telegram will require it alongside the SMS code on any new device sign-in. This blocks SIM-swap takeovers, which are the most common way Telegram accounts are stolen.
4. Review active sessions
Under Settings → Devices (labeled “Privacy and Security → Active Sessions” on older builds), look for any session you don’t recognize and tap “Terminate.” Also set an “auto-terminate old sessions” window of 1 month if you rarely use secondary devices.
5. Turn on auto-delete for sensitive chats
In any chat, tap the contact name at the top, choose “Clear Chat History” or “Auto-Delete,” and pick 24 hours, 7 days, or 1 month. Auto-delete runs on Telegram’s servers and on every device in the chat.
6. Disable P2P calls for non-contacts
Under Settings → Privacy and Security → Calls → Peer-to-Peer, set this to My Contacts or Nobody. P2P mode exposes your IP to the other caller; routing through Telegram’s relays hides it.
Transparency report: what the numbers actually say
Telegram’s transparency reports now publish quarterly. Per the reports through Q1 2026:
- In 2023, fewer than 20 accounts globally had any data disclosed to law enforcement.
- In Q4 2024, following the policy change, Telegram disclosed data on more than 2,200 user accounts in response to U.S. requests alone.
- Germany, France, India, and Brazil are the top requesting countries outside the United States.
- The data provided is almost exclusively IP address and phone number — not message content.
That last point is the nuance most news coverage misses. Even with the expanded policy, Telegram does not appear to be turning over the content of default cloud chats in meaningful volume — just the metadata needed to identify who an account belongs to.
Should you switch messengers?
If your threat model is government-level surveillance, Telegram was never the right choice — default chats were never end-to-end encrypted, and that has not changed. If you need that level of privacy, the strongest options as of 2026 are:
- Signal — end-to-end encrypted by default, including group chats and calls. Minimal metadata. Requires a phone number to sign up, but supports usernames for chatting so contacts never see your number.
- SimpleX Chat — no phone number, no permanent account identifier. Uses one-time connection links. Steeper learning curve, smaller user base.
- Session — routes through an onion network, no phone number required. Slower message delivery, but no central identifier.
For most Android and iPhone users who already have friends on Telegram, the pragmatic move is to stay — Telegram is still the best-designed group chat app on mobile — but shift anything sensitive into Secret Chats or move that specific thread to Signal.
What this means going forward
Durov’s arrest didn’t end Telegram, and it didn’t turn Telegram into a surveillance tool. It did end the era in which the company could credibly claim to be outside any legal system’s reach. Going forward, assume that anything in a default Telegram chat — one-on-one or group — could theoretically be disclosed with a valid legal process, the same way email, iMessage cloud backups, and WhatsApp metadata can be. Adjust your habits accordingly: use Secret Chats for anything sensitive, keep two-step verification on, and know which conversations you’d rather have on Signal.
Telegram’s own approach remains a moving target. Check the app’s built-in privacy settings once per quarter, and watch the transparency reports — they are the best real signal of where the company actually stands, regardless of what the CEO says publicly.