There's an open $200k bounty for years now. Some "expert in the field" (who just happens to work for not one but two competitors -- yes, I'm looking at you, /u/moxie) posted a blog post right afterwards, about a competition not being the same as a proper design / security audit, and that's correct. But I've seen people try and fail over the years: the crypto holds. Moxie and co would have loved to see it fall too much not to have had a stab at it, never mind the bounty, but apparently they failed.

I think the e2e in Telegram is solid. If you're really paranoid about some file in particular, you can always send an encrypted zip or GPG encrypt it -- I'd recommend that anyway, since otherwise your chat's encryption keys (which are in use all the time, thus quite easy to get at) also unlock that sensitive file.

> For non-phone related use I'd go for Wire https://wire.com/en/ encryption wise.

I would recommend Wire.com too. This needs more awareness, since it does everything we've ever wanted, has the protocol everyone seems to support, is open source, works on all popular platforms, etc. Except nobody uses it, so the network effect is not there :(