A researcher has found that Telegram’s default configuration leaked a user’s IP address when making a call.
According to Bleeping Computer, the default setting for Telegram sees voice calls being made over P2P – and the IP address of the contact you are speaking to is shown in the Telegram console logs.
“Not all versions include a console log,” stated the report.
Telegram’s app does allow users to change this setting in iOS and Android. Users can set peer-to-peer voice calls to “never” and the communication will then be routed through Telegram’s servers.
This produces lower audio quality, stated the report.
The desktop version of Telegram and Telegram Messenger for Windows, however, does not offer the ability to disable P2P calls.
Telegram said only the “My Contacts” option should be set to P2P by default in this case, and attributed the sharing of IP addresses to non-contacts in the app to a bug.
This has subsequently been fixed.