Steps to reproduce Install and login to your telegram account Now your phone number belongs to Xi Jinping... jk. to Nekogram creator Expected behaviour Not leaking phone numbers Actual behaviour Ma...
PSA on anyone who used this. Terminate your session via active sessions on another telegram app after you “log out”
This app ALSO doesn’t properly invalidate your session token like most apps do, so even though it “logs out” on the UI, the auth token to the telegram stays active.
While there hasen’t been any evidence that it transmits auth tokens, since it was confirmed AND admitted that they logged phone numbers, it’s better to be safe than sorry.
PSA on anyone who used this. Terminate your session via active sessions on another telegram app after you “log out”
This app ALSO doesn’t properly invalidate your session token like most apps do, so even though it “logs out” on the UI, the auth token to the telegram stays active.
While there hasen’t been any evidence that it transmits auth tokens, since it was confirmed AND admitted that they logged phone numbers, it’s better to be safe than sorry.