While WhatsApp and Telegram are notorious apps for message encryption, it turns out they’re not so reliable at securely storing files on your phone. Security researchers at Symantec have explained how hackers intercepted files sent from services such as WhatsApp and Telegram thanks to malicious software.
WhatsApp offers two options as a recording location on the Android platform. Users can save content from the application to external memory, such as local memory or microSD card. WhatsApp saves applications in external memory by default, while Telegram saves content in external memory by doing the same with the ‘Save to Gallery’ feature enabled.
According to the researchers, it is possible that a malware with access to external memory could gain access to WhatsApp and Telegram applications without users noticing. When a user installs malicious software on their device and receives a visual from WhatsApp, the hacker is able to access the visual without anyone noticing. Of course, it is possible for the hacker to access the content sent.
The attack, which investigators have dubbed ‘media file theft’, appears likely to pose a major problem with privacy and access issues. Users who use the external memory option have a chance to easily move files and save space on their devices, but their privacy is compromised.
There was no comment from Telegram when he was asked to comment on the matter. A spokesperson for WhatsApp said that changing the storage location could pose challenges to WhatsApp or even face new security issues.
A spokesman for WhatsApp said in a statement:
“WhatsApp has closely examined this issue and the previously raised allegations of vulnerability. WhatsApp is currently using the best storage capabilities offered by the Android operating system, and is also developing its own storage options as Android develops.”