>While Telegram was founded upon a noble goal of providing privacy to consumers everywhere at no cost, they have fallen short of their objective by focusing purely on data-in-transit versus protecting data-at-rest on the mobile device itself. What is regrettable is that I approached Telegram multiple times and have yet to receive a response. Telegram’s so-called powerful encryption is not protecting users any better than any other page or app that uses SSL. If you are using Telegram because you want to ensure your privacy and the privacy of the messages you are sending, be aware that it will not stop sophisticated hackers from reading your messages. We highly recommend adding additional protection to your mobile device that can detect device-level cyberattacks.
We told you it was shit, /g/
>Any attacker that gains access to the device can read the messages without too much effort.
>implying you couldn't read Threema, TextSecure or whatever the fuck messages with fucking root access on a device
If anything you could still just go ahead and grab literally everything the device displays.
This is fucking nothing.
We know Telegram isn't the holy grail of security, but fucking hell, you're going to have to try harder than this.
At the end of the day, Telegram is still the only mass-marketable alternative to WhatsApp that exists.
>How I "hacked" "Telegram's" "Encryption"
>took a memory dump and read cache files for client app
Still, it would be great to see the app protected with a PIN, at least.
>not using phone encryption
>not using password lock
>We highly recommend adding additional protection to your mobile device that can detect device-level cyberattacks.
And you also sell that additional protection? What a coincidence!
sure thing, but still the db in /data could be encrypted
Another detailed blog post: alexrad[.]me/discourse/a-264-attack-on-telegram-and-why-a-super-villain-doesnt-need-it-to-read-your-telegram-chats.html
i'd suggest to encrypt secret chats with gpg keys generated at installation time and shared between phones when you add a new contact
While I agree the OP is clickbait, there is one important point that I think is being missed. That is, best practices for securing data at rest are not being followed by Telegram. That's really all this post is bringing our attention to.
And while I agree that once an attacker gets physical access it's basically game over, it shouldn't stop app devs from following some security best practices for data at rest to make it more difficult to get at the data stored by the app.