Privacy rankings of popular messaging apps in 2025 | Kaspersky official blog
Comparing WhatsApp, Discord, Snapchat, Facebook Messenger, and Telegram, based on their privacy settings and the amount of data they collect.
AI Analysis
Technical Summary
The Kaspersky blog post summarizes a comprehensive 2025 privacy ranking study by Incogni, comparing popular messaging apps on privacy criteria including data collection, default privacy settings, government data request compliance, and encryption. Discord ranks highest overall due to limited data collection and fewer privacy fines but has less private default settings. Telegram and Snapchat offer the most private default configurations and extensive privacy controls. WhatsApp excels in protecting against strangers and provides full end-to-end encryption by default, a critical security feature not matched by Telegram, which does not encrypt chats end-to-end by default. Facebook Messenger ranks lowest in privacy. The study also highlights that WhatsApp chats with Meta’s AI assistant are used for AI training without opt-out, raising privacy concerns. Government cooperation rates vary, with Snapchat approving 82% of requests, Meta’s services 78%, and Discord 77.4%, while Telegram’s rate is undisclosed but nonzero. Data collection varies between general policy and mobile app telemetry, with Telegram collecting the least data. Desktop clients and third-party or modified apps pose additional risks due to architectural vulnerabilities and malware distribution. The report advises caution with unofficial clients and recommends using official mobile apps with strong privacy settings. The analysis underscores the importance of privacy settings, encryption, and user awareness to mitigate risks from data leaks, social engineering, and unauthorized access.
Potential Impact
For European organizations, the privacy and security posture of messaging apps directly affects the confidentiality of internal communications and personal data protection compliance under GDPR. Apps with weaker default privacy settings or extensive data collection increase the risk of data leakage, unauthorized access, and surveillance by third parties, including governments. The use of platforms that cooperate extensively with government data requests may expose sensitive corporate or personal information. The lack of end-to-end encryption by default in some apps (e.g., Telegram) can lead to interception risks. Desktop and third-party clients introduce additional attack surfaces, potentially enabling malware infections or account hijacking. Social engineering attacks exploiting these platforms can compromise employee accounts, leading to data breaches or fraud. Organizations relying on these apps for communication must consider these risks in their security policies and incident response plans. Privacy-conscious apps reduce exposure but require proper configuration and user training. Failure to address these risks can result in reputational damage, regulatory penalties, and operational disruptions.
Mitigation Recommendations
European organizations should:
1) Prefer messaging apps with strong default privacy settings and end-to-end encryption, such as WhatsApp for sensitive communications, while recognizing Telegram’s limitations.
2) Enforce strict account security policies including multi-factor authentication and regular user training to mitigate social engineering risks.
3) Avoid use of unofficial or modified clients and restrict desktop client usage where possible, or ensure they are updated and secured.
4) Regularly audit and configure privacy settings to minimize data exposure, including limiting data sharing and opting out of AI training where possible.
5) Monitor and control app permissions on corporate devices to reduce telemetry data collection.
6) Develop incident response plans addressing account hijacking and phishing attacks via messaging platforms.
7) Educate employees about risks of scams and phishing through messaging apps.
8) Consider alternative niche private messaging solutions for highly sensitive communications.
9) Collaborate with legal and compliance teams to understand implications of government data requests and data retention policies.
10) Utilize endpoint protection solutions that detect malicious links and apps distributed via messaging platforms.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Switzerland
Technical Details
- Article Source
- {"url":"https://www.kaspersky.com/blog/messengers-privacy-rating-2025/54665/","fetched":true,"fetchedAt":"2025-10-24T16:18:28.546Z","wordCount":1636}
Threat ID: 68fba6d444c617250775d1ec
Added to database: 10/24/2025, 4:18:28 PM
Last enriched: 11/8/2025, 3:02:16 AM
Last updated: 12/9/2025, 6:35:26 PM