In the popular messaging application Telegram, a vulnerability was discovered in the macOS version of the program that violates user privacy. The issue was identified by security researcher Dhiraj Mishra in Telegram version 7.3. Its exploitation allowed access to self-destructing audio and video messages long after they disappeared from secret chats.
Unlike Signal or WhatsApp, Telegram conversations are not encrypted by default, except when users use secret chats, which keep data encrypted even on Telegram servers. The ability to send self-destructing messages is also available in secret chats.
According to the researcher, when a user records and sends an audio or video message via regular chat, the application transmits the exact path where the recorded message is stored in ".mp4" format. When the secret chat option is enabled, the path information is not transmitted, but the recorded message is still saved in the same place.
Even in cases where the user receives a self-destructing message in a secret chat, the multimedia message remains available in the system after it is removed from the chat screen.
"Telegram reports that" super secret "chats do not leave traces, but they store a local copy of such messages along a given path," Mishra explained.
The expert also discovered another issue in the macOS version of the Telegram app, in which local passwords were stored in clear text in a JSON file located in the /Users/<user_name>/Library/Group Containers/<*>.ru.keepcoder.Telegram/accounts-metadata/ folder.