cross-posted from: https://piefed.world/c/tech/p/1146502/telegram-apk-from-apkpure-is-a-spyware

On analyzing the APK with jadx, it contains a class DataCollector, which does not exist in the .apk file downloaded from the official Telegram website.

This class collects a lot of your data, including:

  • Your photos, videos, and files
  • Your contacts
  • Your messages
  • Your GPS Coordinates
  • Your SIM card information
  • Your Telegram profile

This data is monitored and uploaded continuously. All the data is uploaded to a server with IP Address 38.190.225.166

💬 Initial discovery by Eric Parker

🔗 APK Analysis: Part 1 | Part 2.

Source on Telegram.

  • Luffy@lemmy.ml
    9·
    3 days ago

    What? There were so many ways to not download this, from using a certificate provided by telegram to… Well just downloading it from telegram directly.

    This is not something that would need such drastic actions as blocking everything thats not from one authority, and even with that I’ll remind you that google as an authority has in no way better standards in many ways.

    Also, feddit.UK, so show me your I’d.