If you use Telegram on Mac, you should upgrade to its latest version (7.4) as the company fixed two critical bugs that could affect your privacy. These vulnerabilities included storing self-destructing messages locally even after they are deleted and saving the app’s passcode in plaintext.
Security researcher Dhiraj Mishra found these bugs in Telegram’s stable macOS client (version 7.3) and reported them to the firm in December. Telegram patched them in the latest release of the app that was rolled out in January.
[Read: How Polestar is using blockchain to increase transparency]
Telegram allows you to send self-destructing messages in a secret chat. Ideally, the app should delete text, image, audio, or video that you sent after the specified time in this mode. However, Mishra found that because of a bug, media files were still present in the local system of the receiver, even after they were deleted from the desktop client. To be clear, the file is stored on both ends if the sender and receiver are using the macOS app.
The app also allows you to lock it through a passcode, so other users on the system can’t see your messages. However, Mishra found that Telegram was storing this code in plain text in a local file. So, there was a danger of someone accessing that file and unlocking the app.
After WhatsApp’s new privacy policy announcement last month, Telegram saw a lot of traction and passed the 500 million active user mark. While the app has plenty of useful features, it’s important that you download its latest version from here to preserve your privacy.
Get the TNW newsletter
Get the most important tech news in your inbox each week.