Hacker News

This is messed up. Why would they ever make it so accurate?



Same reason they made their crypto trivial for the server to MITM.

Whether malice or ineptitude it's hard to say but it's one of those.


Secret Chats cannot be MITM'ed and MTProto2 has never had serious security problems despite multiple audits.

That's in contrast to WhatsApp, which backs up your private key to the cloud by default. And in contrast to Signal, which has inexcusable software bugs such as sending private photos to random contacts in your list (is it really E2E encrypted if you can't be sure who the recipient was?).


MTProto2 has no published audits nor even overviews that any trusted security researcher has found serious.

https://news.ycombinator.com/item?id=24832256

WhatsApp stores credentials in iCloud Keychain on iOS which is properly e2ee’d.

Signal recipient bug was serious, very rare, and hard to catch due to lack of log collection.


The link is to a discussion:

>Sigh. That Stack Exchange answer is incredibly old and points to the flaws everyone knew in MTProto 1, which has been superseded by MTProto 2 for years.

Telegram's 1 on 1 secret chats are quite simple and straightforward in design. It is unlikely that there are any security issues in there. Telegram has the same usability issue that the rest of these end to end encrypted instant messengers have. They base all the security on having the users compare some ridiculously long numbers and then downplay the whole thing.


I do not consider a messenger "E2E" encrypted if one of those ends is a random person you did not intend to message. The fact that bug was even possible suggests poor engineering standards.



