
How Secure is Telegram? Secret Chat leaves Self-Destructing Files on Devices


Much has been made in recent weeks of the security of social media chat applications, following Facebook’s changes to the terms and conditions that affected users of its popular WhatsApp app.

Telegram has been touted as a safer alternative, with many users flocking to the app as a result.

But Telegram has run into issues of its own: observers recently picked up a flaw in which an important privacy function didn’t quite operate the way it was meant to.

The app has seemingly fixed the privacy-defeating bug in its macOS app, which made it possible to access self-destructing audio and video messages long after they disappeared from “secret chats”.

The vulnerability came to light when a security researcher disclosed his findings to Telegram last month. The issue has since been resolved in version 7.4, released on January 29.

Unlike Signal or WhatsApp, conversations on Telegram by default are not end-to-end encrypted, unless users explicitly opt to enable a device-specific feature called “secret chat,” which keeps data encrypted even on Telegram servers. Also available as part of secret chats is the option to send self-destructing messages.

What the researcher found was that when a user records and sends an audio or video message via a regular chat, the application leaked the exact path where the recorded message is stored in “.mp4” format. With the secret chat option turned on, the path information is not spilled, but the recorded message still gets stored in the same location.

Even in cases where a user received a self-destructing message in a secret chat, the multimedia message remained accessible on the system even after disappearing from the app’s chat screen.
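The failure mode described above, modelled as an added example (not code from the original article or from Telegram): the `MediaCache` class, its method names and the file naming are hypothetical. It contrasts expiring a message from the chat view only with also deleting the backing file, and includes the on-disk audit that reveals the difference.

```python
import os
import tempfile


class MediaCache:
    """Toy model of a chat client's on-disk media cache (hypothetical, not Telegram code)."""

    def __init__(self, cache_dir):
        self.cache_dir = cache_dir
        self.visible = {}  # message id -> path of the media file shown in the chat

    def receive(self, msg_id, payload):
        # Recorded audio/video is written to disk as an .mp4 file.
        path = os.path.join(self.cache_dir, f"{msg_id}.mp4")
        with open(path, "wb") as fh:
            fh.write(payload)
        self.visible[msg_id] = path
        return path

    def expire_view_only(self, msg_id):
        # Flawed behaviour: the message leaves the chat screen, the file stays.
        self.visible.pop(msg_id, None)

    def expire_and_purge(self, msg_id):
        # Corrected behaviour: delete the backing file when the timer fires.
        path = self.visible.pop(msg_id, None)
        if path and os.path.exists(path):
            os.remove(path)

    def orphaned_media(self):
        # Audit: files on disk that no visible message refers to any more.
        live = set(self.visible.values())
        return sorted(
            name for name in os.listdir(self.cache_dir)
            if os.path.join(self.cache_dir, name) not in live
        )


def demo():
    # Constructed sample payloads; the cache lives in a throwaway temp directory.
    with tempfile.TemporaryDirectory() as cache_dir:
        cache = MediaCache(cache_dir)
        cache.receive("m1", b"constructed sample bytes 1")
        cache.receive("m2", b"constructed sample bytes 2")
        cache.expire_view_only("m1")   # file survives the "self-destruct"
        cache.expire_and_purge("m2")   # file is removed with the message
        return cache.orphaned_media()


if __name__ == "__main__":
    print(demo())
```

The audit in `orphaned_media` is the check that matters for testing a self-destruct feature: compare what the interface shows against what is still on disk after the timer fires.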

The researcher was awarded €3,000 for reporting the two flaws as part of the app’s bug bounty program.

Telegram in January hit a milestone of 500 million active monthly users, in part led by a surge in users who fled WhatsApp following a revision to its privacy policy that includes sharing certain data with its corporate parent, Facebook.

Ahmed Khanji


Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.
