Telegram fixes ‘unsend message’ bug that held on to your pictures
Imagine this: you’re at a party one Saturday night and, at 1 a.m. decide to send your best pal a picture of yourself doing a headstand wearing nothing but a pink tutu, slamming a litre of Smithwick’s finest from a beer bong.
Unfortunately, your best pal’s name is Sue, which also happens to be your boss’s name, and you selected the wrong contact. Ruh-roh. That’s a quick way to sober up.
Luckily, you sent the photo using Telegram Messenger, and you remember that it lets you delete entire messages and the pictures they contain both from yours and the recipient’s phone. Sue was probably asleep, so you can quickly wipe the message and no one will be any the wiser.
Phew, no harm done. Except for one important fact: it turns out that ‘unsend’ feature didn’t work properly.
Telegram introduced its ‘unsend message‘ feature in version 3.16 back in 2017. It’s another feature in an app that has attracted privacy advocates everywhere for its ability to cloak communications, but security researcher Dhiraj Mishra has uncovered a flaw.
The Android version of Telegram stores any images received in the
/Telegram/Telegram Images/ folder. When deleting a message, you’d expect it to delete the image as well. In fact, it left the picture intact in the folder. The recipient would have to know to look there, of course, but if they checked, they’d be able to see you in all your tutu-sporting, beer-bonging glory. Bang goes your promotion.