Telegram desktop app leaked user data during calls

Telegram's desktop app had a major flaw that put both public and private IP addresses of users vulnerable during voice calls. Security researcher Dhiraj Mishra uncovered the flaw in Telegram's peer-to-peer framework. As explained in his blog on inputzero, Telegram forces clients to only use P2P connection for calls. Where mobile users could turn off peer-to-peer calls and keep their information secret, you had no choice but using the technology on the desktop. That could open you to attacks or disclose your location regardless of how careful you might otherwise be. The flaw could have resulted in hackers wrongly gaining access to location data and other information related to IP address. 

The telegram has since then fixed the flaw by adding the option of “P2P to Nobody/My contacts” in version 1.3.17 beta and 1.4 versions of Telegram by giving you options to either disable peer-to-peer calling entirely or limit it to your contacts. Mishra received a €2,000 (about $2,300) bounty for the find. It's not Telegram's proudest moment, but the flaw does serve as a reminder that you can't assume an app is airtight simply because of its reputation, even if most of its policies are sound.

Recently, Telegram added more features and tricks to its iOS and Android versions that allow users to further customize and manage their messages. Telegram is regularly making headlines as some governments work to ban the popular messaging service for being too-private and secure, therefore potentially giving terrorists a safe place to confidentially plan attacks. Furthermore, the app developers refuse to hand over encryption keys, which earns them more trust with their ‘over 200 million monthly users'. 

Self-destructing messages are an attractive feature of the app, allowing users to set a timer for how long the conversation can be viewed. Then there's the ability to delete what has been written and sent, for everybody. Now, Telegram is introducing the same function for media. As the announcement for "Replace Media and Add Captions notes, “Sending the wrong picture by accident is rarely fun,” therefore photos and video can be replaced with correct versions and captions can also be added later.