Indeed Telegram is not more secure than WhatsApp, but I usually take into account the position of each company and how that affects my particular use case.
Yes, the signal protocol and signal's implementation are both open source, but you have no way to actually verify that WA has actually implemented the protocol correctly and securely. Sure you could do some basic packet analysis but this wouldn't tell you about the presence of any remotely triggered backdoors.
The only way for you as a user to actually verify the security is by reading the source and compiling the software yourself, or reading the source and verifying the signature via reproducible builds.
I really don't understand the business decision process here. If they just copied Signal with OSS/FOSS code and reproducible builds they would just win outright and tech people wouldn't have anything to complain about. The value of the service is the network anyway -- why care so much about the client?
There are many ways that both WA and Telegram can be subverted/backdoored/messed up. What it really comes down to, is who do you trust? Do you trust WA or Telegram? Personally, I trust WA a lot more than Telegram since WA has Moxie on their team and Telegram says, "Trust us" and a very unreasonable security challenge. I naturally don't trust people that say "Trust us" and put up unreasonable security challenges.
You can just decompile the program. Binaries aren't a magic black box. Given how much FB stands to lose by lying, is imminent l unlikely they think they can get away with hiding stuff in an Android app. As much as I despise FB, this isn't one of the reasons. (Using WhatsApp still gives them metadata and contact info.)
While it is true that Telegram's clients are open-sourced, their server-side code is not. So we don't know how information is stored on the server (I do not think that it is encrypted).
Closed source servers are no problem in verifying E2E encryption if the client is open source. Whatsapp's issue is that the clients are closed source. Telegram's issue is that it's optional to encrypt your messages. That's the long and short of this whole Whatsapp versus Telegram discussion.
