WhatsApp and Telegram are two of the most popular messaging apps in the world, famous for their encrypted message guarantees, which is among the features that make it so likeable.
But a new report now shows that they may not be able to keep files as safe once they are stored on your phone. The report was compiled by researchers from Symantec stating in detail how attackers could use harmful apps to slightly change media files sent through the message services.
This might seem reasonable to some point considering the message apps are among the pioneers of free media file sharing. So it wouldn’t be too much of a stretch to consider the possibility of hackers taking this advantage to benefit themselves. On Android, apps have the option of saving media files like images and audio either through the app’s own internal storage or through external storage that belongs to the phone that can also be accessed by other apps.
A service like WhatsApp, for example, stores media files through the phone’s storage (external) while Telegram restricts itself until the “Save To Gallery” feature is enabled by the user.
With this being the case, the research has found out that the malicious apps that also have access to the external storage contain malware that can be used to access the media files sent through the messaging apps, at times even before the receiver has seen them.
This then gives the hacker an opportunity to alter the file say an image without the user ever noticing. In the same way, although theoretically, the attacker also has the chance of manipulating outgoing messages as well. The attack that has been dubbed “Media File Jacking” may be a recognised problem that’s torn between privacy and accessibility for Android messaging apps.
The external storage setting used by most apps that are more compatible with others gives them access to media files allowing data to move more freely, a factor that comes with a price as pointed out by researchers last year.
Despite request to comment on this issue, the team at Telegram has kept mum about it but WhatsApp, through a spokesperson, said that limiting the app’s storage system to just internal could restrict the service’s ability of sharing media files and even bring up new privacy issues, adding on a lot to Zuckerberg’s already full plate.
“WhatsApp follows current best practices provided by operating systems for media storage and looks forward to providing updates in line with Android’s ongoing development.” said the spokesperson in a statement. We would love to see this potentially troublesome issue contained considering the huge numbers of users that these two apps are responsible for.
And as the researchers clearly state, users tend to lean their trust on encrypted apps that “protect the integrity of both the identity of the sender and the message content itself.” But they still went on to acknowledge that no code is immune to security vulnerabilities.