The phone may have been hacked, at that point it doesn't matter how encrypted the apps you use are. Telegram may be absolutely fine. It's why I find it somewhat amusing when org's come out complaining about encrypted apps, when every month a new Android patch comes out fixing a whole bunch of exploits they can use.
I find it strange that people continue to call Telegram a secure/encrypted messaging app when end-to-end encryption is not on by default, only available for 1 on 1 chats and only on 1 device. Also chats without end-to-end encryption are saved on their servers and your list of contacts as well, including full names. Not to mention that their cryptography was heavily criticized by experts. Sure, there is no ideal ultimate secure messaging apps, but there are enough alternatives that are a lot better. For the rest, I agree with @elapsed.
Telegrab malware hijacks Telegram desktop sessions https://www.zdnet.com/article/telegrab-malware-hijacks-telegram-chat-sessions/
You know, if someone figured out a way to safely set up devices, in remote locations to send fake plans similar to that French guys plans back and forth then see if the feds show up there or not, they might find out which ones are really secure.
