With WhatsApp’s unfavourable privacy changes, there was a surge in the number of new users for social messaging apps like Telegram and Signal. It was because Telegram is considered more reliable but in the most recent event, Telegram brought forward a major security flaw making the users question the rate of vulnerability of their private details being rendered public.
This security vulnerability was capable of exposing self-destroying audio alongside video messages of a user, the condition being given that the app was being used on Mac.
Dhiraj Mishra, an independent cyber security researcher, was the first one to find out about this issue pertaining to Secret Chat, an encrypted conversation on Telegram. Mishra recognised that the storage details related to the video, image or audio being sent by a user were revealed to the other user. In case of the secret chats, the file destination wasn’t revealed, but it stored these media files in the same destination folder and Telegram did not delete these files automatically.
After a period of time, the respective media files get deleted but still remain in the local storage folder. In case of macOS app version of Telegram, it saves local passwords in its storage, that one might have set to prevent any other user from logging in to your chat window via a shared device through plain text. This increases the potential of a user to be able to access such passcodes and the respective conversations.
Thinking the secret chat to be a secure way, the user private audio, video and images of contact could be at stake and would have got exposed by someone who knows about this loophole.