-
-
@bascule@FiloSottile If the Telegram app itself can decrypt and display messages from the db, then code injected into their pid as root can -
@hubert3@FiloSottile if you can find the keys... -
@bascule@FiloSottile but ultimately, if the attacker can instrument / inject the app itself, you will be able to read the contents -
@bascule@FiloSottile anyway, the bug report was definitely overhyped and self-aggrandizing, and is getting some clueless reporting as usual -
@hubert3@FiloSottile strongly agree, I deleted it from my Twitter and regret posting it sans comment, but... -
@hubert3@FiloSottile on the one hand I should read harder before I tweet, on the other hand obfuscation is an art and Telegram sucks at it
End of conversation
New conversation -
-
-
@bascule@FiloSottile I don’t think any of those things would help really protected the saved message DB in this case -
@hubert3@FiloSottile yeah people who actually know what they're doing would probably encrypt the local database too :P -
@bascule@FiloSottile I do agree they shouldn’t store plaintext, e.g. using Android KeyStore to store a key would be a good option
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.