0

There are many unofficial telegram clients out there but i want to know if they can access user messages in plain. In my opinion, message decryption must be done somewhere inside the client app so it's clear that they can read plain text messages. A similar question asked here but the answer given is not accepted.

Mehran Torki
  • 123
  • 5
  • You aren't willing to accept that answer because the previous question asker hasn't. How do you plan to evaluate answers here if you can't decide your own view on that one? – Hector Jan 13 '18 at 10:01
  • @Hector I accept the answer when i have no questions about the answer and if i have any question about the answer, i'll ask in comment until i get the answer totally, as i did in your answer. – Mehran Torki Jan 13 '18 at 10:19
  • it wouldn't be very useful if it couldn't... – dandavis Jan 13 '18 at 14:59

1 Answers1

1

If it can show it to you in plaintext or if you send it from that application then the application has access to it in plaintext. Unless the encryption is performed at a hardware level there is no physical way to implement it without that being true.

Hector
  • 10,893
  • 3
  • 41
  • 44
  • 1
    You mean that hardware encryption/decryption can protect messages from client app ? How it can be done ? Client app must somehow show the message to user. – Mehran Torki Jan 13 '18 at 10:15
  • 1
    So can we say that all unofficial telegram clients are potentially insecure ? as all of them can show messages in plaintext. – Mehran Torki Jan 13 '18 at 10:24
  • @MehranTorki - to be secure all paths from decryption to display would have to be trusted. So it couldn't just be the deception - the rendering for display would also have to be done in hardware (or at the very least trusted non app software). For example if the OS or hardware had a mechanism to pass in an encrypted text string which it then decrypted and displayed to the user with no further app interaction (nor access to the underlying private key) the data would be secure from the app. But in practice I'm not aware of any system like this that exists. – Hector Jan 13 '18 at 10:37
  • 1
    Yes - I would say with reasonable certainty there are no telegram applications that cannot access all messages they can display in plaintext. – Hector Jan 13 '18 at 10:38