An engineer recently analyzed the code of Nekogram, a relatively popular third-party Telegram client, and discovered that the application's actual code does not match its open-source GitHub repository. A backdoor was found hidden in the Extra.java file, which sends user data directly to @nekonotificationbot. Furthermore, this bot can pull information from other linked accounts under the user's name, and the bot itself is managed by Nekogram.
Some community members suspect that this data might be stored in their databases, though its exact purpose remains unknown.
There have been similar situations in the past. To meet compliance requirements when entering certain countries or regions, some third-party clients might collect specific data and information. For example, Telega uses Russia's VK servers, which could potentially expose sensitive information and data to Russian government surveillance.
Currently, the official Telegram app is rolling out a new feature to detect whether the person you are chatting with is using a third-party client to ensure information symmetry. After all, many third-party clients function vastly differently from the official app, such as Ayugram.
Comments NOTHING