Recently in the network there were reports about discovered vulnerabilities in the desktop application Telegram. When using peer-to-peer P2P connection during the calls, it was possible to obtain the IP addresses of the users. In the mobile app P2P connection can be disabled and the desktop this was not an option, yet the developers have not fixed this in the latest update.
Now the situation is commented Pavel Durov behind the messenger Telegram. He noted that in fact, it’s not as sensationally as serving media, and the application Telegram Desktop protected not worse, than other VoIP applications is encrypted even before it was implemented the possibility to disable P2P calls. Mobile app has always been protected even better than the competition.
Durov noted that the P2P connection will provide high call quality with low latency, but both devices must know the IP addresses of each other. Thus, choosing this type of connection you give your interlocutor a theoretical possibility to find out your IP address.
Durov also said that the voice calls in Telegram Desktop accounted for only 0.01% of the total number of calls in the Telegram and this version of the application was the only one without the ability to disable the use of P2P. Now it is updated, eliminating the vulnerability.
Durov said that if you use technology screaming headlines, WhatsApp, Viber and other instant messengers “merge your IP address” in 100% of the calls and it cannot be disabled.