Telegram Secret Chat Bugvoidsec
For whom is following me on Twitter this is not a news, yesterday I was complaining about a Telegram “Feature” in the secret chat context, while for whom doesn’t this should serve as a write-up of the bug that I have discovered (The bug is nothing fancy but something I think people should, at least, know).
Telegram Secret Chat
If you are not practical with the concept of Telegram’s Secret Chat:
“Secret chats are meant for people who want more secrecy than the average fella. All messages in secret chats use end-to-end encryption. This means only you and the recipient can read those messages. On top of this, Messages cannot be forwarded from secret chats. And when you delete messages on your side of the conversation, the app on the other side of the secret chat will be ordered to delete them as well.
You can order your messages, media and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then disappear from both your and your friend’s devices.
All secret chats in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret chat from their device of origin.”
To sum up all these concepts, we can define a secret context as a chat where:
- All messages in secret chats use end-to-end encryption.
- Messages cannot be forwarded.
- When you delete messages, they will be deleted on the other side as well.
- Messages and media files to self-destruct in a set amount of time after they have been read or opened. Message will then disappear from both your and your friend’s devices.
- Secret chats can only be accessed from their device of origin.
On the latest Telegram Android/iOS App, I discovered a nasty bug in the secret chat.
When a user sends a media file, it will be opened with the “default player/viewer” and a useful menu will appear:
- Show all media
- Save in the gallery
If I chose the ‘save in the gallery’ option, I can easily store the media somewhere else and prevents its deletion after the expiration date. Please also note that, differently from trying to take a screenshot, this action will not be notified to the other part.
For me, this bug, was an unintended behaviour since, media shared in a normal chat with the expiration time setting enabled, are correctly deleted and sharing/saving the media is prevented.
I tried to contact Telegram in order to report this bug:
- 20/07/2018 – First Contact – no vendor response
- 24/07/2018 – Second Contact – no vendor response
- 17/08/2018 – Third Contact – vendor reply
- 30/08/2018 – Blog Post
Telegram replied and said, and I quote:
“Media sent in secret chats either without a timer or with a timer longer than 1 hour have all these options (the one that allows a media to be exported). Longer timers in Secret Chats are intended for ‘self-cleaning’ communication and not to prevent pictures from being saved.”
Basically, they were telling me that the bug I was reporting is an intended feature and a design choice they were aware of.
Now, this bug is (in my opinion), at very least, a bad design choice. Exportable medias in secret chat context should not be possible, or at least, not without notifying your interlocutor. Especially because that is in contrast with their own design:
“Messages and media files to self-destruct in a set amount of time after they have been read or opened. Message will then disappear from both your and your friend’s devices.”
When I was using Telegram Secret Chat, I was expecting it to behave like what they stated in their Wiki, the fact that it does not comply with it is something the user should be made aware of.
“If you have reasons to worry about your personal security, we strongly recommend using only Secret Chats”
Honestly, no one should expect the app, he is trusting, to behave erratically in a secrecy context; exposing its users to a threat that: they didn’t expect, cannot prevent, and will not be notified of.