Users of the macOS Telegram messaging app are alerted to potential privacy issues that could expose files they share with other users.
According to research by Reegun Richard Jayapaul, lead threat architect at Trustwave SpiderLabs, the possibility deletions in the privacy-focused app can be bypassed and keep the files permanently.
The first issue was that all multimedia files sent via Telegram were stored in a cache, even after a message self-destructed.
This means that a hacker could still access these files (audio, video, shared sites or documents), according to Jayapaul. It is also the second time this year that a researcher has found that files were not deleted effectively when deleting conversations in the Telegram application.
A second issue that was also not fixed by Telegram by deleting the messages is that it gives the hacker the ability to bypass its security devices, just stealing one archive from the cache folder without the recipient ever opening it.
This could, of course, be done by taking snapshots screens or recordings, although the entry into the cache indicates to the sender that the recipient has not read the message, leaving them completely unaware.
"With the help of researchers, we continue to improve the functionality and security of features like this," Telegram said.