Telegram is one of the most-trusted apps when it comes to private messaging. Therefore, any security or privacy bug arising in the app is certainly worth noting. Recently, a researcher spotted a privacy bug in Telegram that could expose pictures and videos from messages that were previously deleted.
Security researcher Dhiraj Mishra discovered a serious privacy bug in Telegram app. According to his findings, there was a privacy issue that could expose unsent media to other users
Stating about the problem in his blog post, he explained that the issue existed in Telegram’s feature of deleting sent media. For instance, if a user inadvertently sends a picture or video to another user, he can delete the sent message. However, due to the bug, it became possible for the recipient to still retrieve the deleted media from the internal storage of the device.
It means that the delete message feature only worked for the chat window of the app.
He has also shared a PoC of the bug in a video.
Mishra also explained that the bug further posed a threat in case of Telegram subgroups. In this case, the deleted media would be available to all users.
The researcher tested Telegram for Android to discover this bug. Though, he assumes the possible existence of the bug on iOS and Windows versions as well.
After discovering the bug, Mishra shared his findings with TechCrunch. Both the researcher and TechCrunch reached out to Telegram to report the matter.