Telegram on Graphene OS

Hello, I am having trouble crating a new account on Telegram with Graphene OS. Please no comments of the form “don’t use Telegram”, yes I know it’s bad, I don’t use it privatey, I need it for work. My setup:

I am using an ad-hoc user account with Google and all the cr*p but with no access to phone and call logs.

I am using a physical SIM with UK number provided by crypton.sh . As far as I can see the SIM works, i.e. it can receive SMS (tested through the crypton website).

I have a verified Google account provided by my employer for this user (of the form myuser@myorg.com and not myuser@gmail.com ).

I do not have a previous Telegram account, so I have to create one from scratch.

If I try to install Telegram or Telegram X from the Play Store, initially it fails “This app cannot be installed”. Apparently the issue is that it requires the Play Store to have permission to access contacts, but I have no contacts on this profile anyway, so I allow it, and after that the installation succeeds.

At first start, Telegram asks me to provide access to the call log (OK, it is empty) and to the contacts (also empty). Then it asks me for the phone number.

I put in the UK phone number. Then Telegram asks permission to read SMS “so it can fill in the verification code for you”. And of course nothing happens.

After a few seconds of trying, Telegram switches to email verification: “You will receive the activation code by email instead of SMS”. I have the option of either filling in my email, or “Log in with Google”.

If I try “log in with Google” it says “sorry, this domain is not allowed”.

If I try to fill in myuser@myorg.com it prompts me for a verification code. I receive the verification code at my work email, but when I fill it in it says “sorry this email is not allowed”.

Any way to work around this?

I put in the UK phone number. Then Telegram asks permission to read SMS “so it can fill in the verification code for you”. And of course nothing happens.

I had the same problem.

1. You need to install Google Play Services and the Google Play Store
2. Give them all permissions
3. Install Telegram through the Playtore
4. Give Telegram every permission
5. Use your phone number of the SIM card (alias phone numbers or free dump phone numbers will not work)

Telegram wants the phone number of your sim card and if the SMS comes through an alias it will simply not work.

Depending on the country Telegram is more popular than WhatsApp, Signal, or SMS.
So it is like with WhatsApp, the society forces you.

I need it for work. My setup:

As you can see from the original question, he needs it for work.
For whatever reason his work forces him to use his private phone, instead of a working phone.

I dont see how in the post he’s forced to use the private number, there are better ways to handle things like a unique codename written in paper that not even an impersonator will know and removing the “I don’t remember” equation knowing that they do have a paper note of the code, multiple copies of the codename note also to eliminate the “I lost it” (Both at workplace, home and another offsite if applicable)

I have never met anyone who needs to use Telegram for their work..

If you go more in the direction of the Balkan, ukraine, russia and so on, it is way more popular.

I dont see how in the post he’s forced to use the private number, there are better ways to handle things like a unique codename written in paper that not even an impersonator will know and removing the “I don’t remember” equation knowing that they do have a paper note of the code, multiple copies of the codename note also to eliminate the “I lost it” (Both at workplace, home and another offsite if applicable)

@GorujoCY Telegram like Signal wants a phone number for verification.
Unlike Signal Telegram doesn’t allow you to enter the code yourself, instead it wants to read/write all SMS and then get the code automatically.
If you now use Alias or throw away phone numbers, the verification will fail due the way to SMS is delivered to you.

I have no idea what you mean with “ unique codename written in paper that not even an impersonator will know and removing the “I don’t remember”".

Relevant enough video:

Basically you wanna eliminate every excuse an impersonator can use at their arsenal to make you believe you are talking to that person (and likely succeed in the ransom). Also applies to calls spoofing as the person. But we’re getting off topic, I thought it was the workplace’s policy thing which would be scummy and I was explaining some kind of example of a better way

Also no, I’m pretty sure a VoIP Number can work, and you don’t need to allow every permission on play services, only allow necessary ones then if possible revoke them

sically you wanna eliminate every excuse an impersonator can use at their arsenal to make you believe you are talking to that person.

I see.

Also no, I’m pretty sure a VoIP Number can work,

Depends. If the VoIP number is deliverd the exact same way like a “normal” SMS, yes.
But services like Google VoIP, JMP.chat or smsfreeverify will fail.

And you don’t need to allow every permission on play services

On my end it failed every time. Only if all permission are given it worked.

then if possible revoke them

That is an option.

Oh please stay on topic! Yes, I know Telegram sucks, but at my workplace it is used (and no, I’m not based in Russia/UA but for reasons I cannot comprehend it is popular in my field, I work with cryptobros despite not being one myself). My employer does not provide work phones, and I wouldn’t want a separate one even if, so I’m happy to use a dedicated Graphene OS profile that I can switch off when not at work.

Done all of these.

This user profile does not have access to my main SIM card (the one on the phone). I receive SMSs through crypton.sh (it’s a real, physical SIM card, but hosted by someone else).

This is really enraging me, but OK. Then I would be happy to go through the email authentication. I have a working Google account for this, just my email address is not @gmail.com but @myorg.com and apparently Telegram is unable to understand this. Isn’t there any workaround?

Yeah, nice to meet you!

SMSs through crypton.sh

Will not work with this.

Funny thing is, it worked for Whastapp, and I’m quite sure it would work for Google too. So it is true! Telegram is the MOST SECURE IM APP AFTER ALL! /sarcasm

I don’t know if your work will have a problem with this, but you could make a throwaway gmail account solely for Telegram I guess?

They tried both work and personal Gmail that would not work

They said they have a working Google account with an @myorg.com address instead of an @gmail.com one, so I assumed they just used that account. Skimming through, I don’t think they’ve specifically said they tried an account with an @gmail.com address though?

Yes, correct, I don’t have a personal @gmail.com address, only the @myorg.com one. I could in theory create a personal Gmail address for Telegram only but 1) it would be definitely overkill, 2) it would also be wrong, in the sense that I want to create a Telegram account specifically for use in MyOrg, and 3) I actually doubt it would be easier to create a Google account than a Telegram account. A friend of mine just told me that recently the Google account creation got stricter, in the sense that now they require you not just to insert an activation code, but to send an activation SMS directly from the messaging app of your phone, which makes use with crypton.sh and any other virtual numbers (even those backed by real, physical SIMs) impossible.

I think at this point I will just buy a prepaid physical SIM card, plug it in into a second non-GOS Android device, and activate Telegram and other sh*t from there.

do prepaid cards require kyc here? Not that it matters I suppose for work purposes?

Yes, in many countries they require KYC also for prepaid SIMs, actually I’m afraid there are not many left which don’t do (US, UK, CA and… pretty much nothing else in Europe). But yes, you are right that doesn’t matter for work purpose, in fact my goal here was not anonymity of the Telegram account per se, but rather 1) convenience of only having one phone, and 2) not wanting to give Google/Telgram/Meta any kind of access to my real SIM number and contacts.

Doesn’t your company provide work phones and work SIMs for this purpose? One would think that’s the default way to handle these things. News organizations even hand out burner phones when traveling to authoritarian nations.

Not by default, it’s not common among startups and similar. I’m sure I could get a work phone and SIM if I ask, but I would not want it. My former employer was giving us a work phone, and I hated the fact that I had to juggle two devices. Graphene OS, with its multi user support, was a blessing in this respect, but I really need to find a way to make Telegram work.

Have you tried using web.telegram.org? Might be better for privacy rather than using their native app.

Edit: Nevermind, it forces you to pre-register on your phone first.

Edit #2: You could also try using GitHub - Telegram-FOSS-Team/Telegram-FOSS: Unofficial, FOSS-friendly fork of the original Telegram client for Android. Its latest release is based on an older version of the telegram client and it notably removes “Google SMS retrieval” which could allow you to use burner phone numbers and enter in the SMS code manually.

Thanks for the pointer! But correct me if I’m wrong, this only works if you have already registered an account using the official app, right?