I take a picture inside Telegram, send it and immediately delete it for myself or for both. A copy of the picture always remains in the folder of the phone:
Android/media/org.telegram.messenger/Telegram/Telegram Images/
If I delete it only for me an additional copy remains in the cache folder:
Android/data/org.telegram.messenger/files/Telegram/Telegram Images/
This means:
- deletion for me: 2 copies remain
- deletion for both: 1 copy remains
However the user was deceived, as he assumes that the image has been deleted.
There are several security issues:
- The user has not given permission that local copies can remain after deletion.
- The user is after deletion not warned that copies remain.
- The user cannot disable this behavior (at least I could not find a way).
- The user has to manually delete the files in the folders every time he takes a picture if he doesn’t want an unwanted copy. This makes the application useless for such user.
- Data garbage is created.
How to improve the behavior except of not using Telegram?
Notes:
-
Deleting the cache within Telegram is not a solution for several reasons. It does not prevent local copies from being saved, it just manually removes them afterwards. Clearing the cache affects all files in the cache, not just one. It does not delete all copies of a given image, the copy in the first folder remains.
-
Of course, even after deleting a file, the problem remains that in some cases a file can be recovered. Conversely, this would mean that nothing needs to be deleted at all, as it might be possible to restore it. The issue of deletion by overwriting is not discussed here.
-
The question addresses only the following protocol: first taking a picture within telegram, then sending and immediately deleting it by the user.
-
Secret chats are not discussed.
Telegram v11.7.0 (5663), Xiaomi HyperOS 2.0.3.0.VMXEUXM, Android 15 AP3A.240905.015.A2
