Security News > 2021 > January > Bug? No, Telegram exposing its users' precise location is a feature working as 'expected'

A researcher who noted that using the "People Nearby" feature of popular messaging app Telegram exposed the exact location of the user has been told that it's working as expected.

Hassan reported the issue in the hope of a bug bounty only to be told: "Users in the People Nearby section intentionally share their location, and this feature is disabled by default. It's expected that determining the exact location is possible under certain conditions."

In its FAQ Telegram claims to be "More secure than mass market messengers like WhatsApp and Line" based on its security protocols, but does not address the risks from malicious users.

Obtaining the location of nearby users is not an issue exclusive to digital devices.

As discussed on Hacker News, Apple made some remarks on the subject at its developer event last year, stating that location information should be tailored to the requirement and that there are cases where sharing "Just a little bit of location information makes sense for the app's expected functionality."

In the case of Telegram's requirement, it might be sufficient simply to report which users are within a seven-mile radius, for example, rather than exposing their exact distance away.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/01/05/telegram_location_people_nearby/