The heart of tech

This article was published on September 12, 2019


Telegram fixed a bug that stored images on recipients’ phones even after you ‘unsent’ them

Telegram fixed a bug that stored images on recipients’ phones even after you ‘unsent’ them
Ivan Mehta
Story by

Ivan Mehta

Ivan covers Big Tech, India, policy, AI, security, platforms, and apps for TNW. That's one heck of a mixed bag. He likes to say "Bleh." Ivan covers Big Tech, India, policy, AI, security, platforms, and apps for TNW. That's one heck of a mixed bag. He likes to say "Bleh."

Telegram messenger just fixed a bug that stored a picture you sent via a message even if you ‘unsend’ the message. The vulnerability, discovered by security researcher Dhiraj Mishra, affected the messenger’s last stable version (5.10.0 (1684)) before the update. 

Mishra said on his blog the app stored images in the “/Telegram/Telegram Images/” folder in the phone‘s internal storage even if a user chooses to remove it for all users. Horrifically, this applied to group chats as well which can have as many as 200,000 members.

The video below shows the bug in action.

The messenger launched the unsend feature in 2017 that allows you to delete a message for everyone in the chat. Mishra had also tried replicating this bug in messengers such as WhatsApp, but the unsend feature worked as intended for those apps.

Telegram has released a new version (5.11) on September 5 to fix this bug.

You can read more about the anomaly here.

Also tagged with


Published
Back to top