For all new users who have left WhatsApp for Telegram, the latest bug is a stark reminder that unfortunately, no messaging service is completely secure.
The most recent privacy breach was discovered by security researcher Dhiraj Mishra. It is included in version 7.3 of the macOS app. Telegram was informed of the problem on December 26, 2020. After an update on January 29th, the problem was fixed in version 7.4 of the macOS app. Mishra has given most of the users ample time to update their app before publicly speaking about the bug. However, if you haven’t updated Telegram on your MacBook, iMac, Mac Pro, or Mac mini, you should head over to the App Store to download it right away.
Unlike Signal and WhatsApp, Telegram doesn’t use end-to-end encryption for its messages by default. Instead, users must sign up for a mode called “Secret Chat” in order to enable this important privacy measure. When this mode is enabled, users have the option to send “self-destructive” messages. These are not only encrypted throughout, which prevents anyone other than the sender and recipient from seeing the content (including the telegram itself), but it also prevents the content from being automatically deleted from both phones after a set period of time. As a result, the recipient will no longer be able to review the encrypted messages days later.
However, Mishra found that while recording audio or video messages in the macOS application, it was possible to locate the MP4 recording on the laptop hard drive. Once you know where the file is stored, you can dive into the folders on your Mac and check the recording – even if it’s gone from the chat window in Telegram. Although you can no longer play the video or listen to the audio clip in the app, the file itself is not deleted and remains available as long as you know where to look.
“Telegram says that ‘super secret’ chats leave no trace but store the local copy of such messages,” Mishra told The Hacker News.