Steps to reproduce Install and login to your telegram account Now your phone number belongs to Xi Jinping... jk. to Nekogram creator Expected behaviour Not leaking phone numbers Actual behaviour Ma...
So, assuming good faith, they used two Telegram bots for some service functionality
these two bots are used to resolve username from user id, eg tg://user?id=25
Obviously, that should never happen silently. But these findings don’t necessarily mean data has been compromised [beyond the scope of the app itself].
I get they may be very frustrated and annoyed at the negative blowback after their FOSS efforts, but dismissing concerns isn’t a good way to respond.
So, assuming good faith, they used two Telegram bots for some service functionality
Obviously, that should never happen silently. But these findings don’t necessarily mean data has been compromised [beyond the scope of the app itself].
I get they may be very frustrated and annoyed at the negative blowback after their FOSS efforts, but dismissing concerns isn’t a good way to respond.