Users of the macOS messaging app Telegram are warned of potential privacy issues that could expose files they share with other users.
According to research by Reegun Richard Jayapaul, who is the lead threat architect at Trustwave SpiderLabs, the ability to delete an application that focuses on privacy can be bypassed and the files kept permanently.
The first issue was that all multimedia files sent via Telegram were stored in a cache, even after a message self-destructed.
This means that a hacker could still access these files, (audio, video, shared locations or documents), according to Jayapaul. It's also the second time this year that a researcher found that files were not effectively deleted when deleting conversations on the Telegram app.
A second issue that was also not fixed by Telegram by deleting the messages is that it gives the hacker the ability to bypass its security devices, by simply stealing a file from the cache folder without the recipient ever opening it.
This could, of course, be done by taking screenshots or recordings, although entering the cache shows the sender that the recipient has not read the message, leaving him or her completely ignorant.
"With the help of researchers, we continue to improve the functionality and security of features like this," Telegram said.