The Telegram spokesman said the company recommends users only download the app from its website or official app stores.Īt the request of Telegram on Wednesday, Malcore conducted dynamic analysis and manual code review of a second version of the app from the US Google Play store, which improved the app’s score to 12.7. In this case, the service appears to have analysed APKs not downloaded from our official site or the Google Play Store, but from third-party sources APKPure and APKMirror.” This human analysis is far more reliable than automated code analysis services. “Telegram supports reproducible builds, which allows any researcher to independently verify that the apps we publish are built from the very same source code we publish. This is a false alarm,” a Telegram spokesman said. Neither the Telegram app available in the Google Play Store nor the app available directly on our website contain Huawei Mobile Services. “Only the Telegram app downloaded from the Huawei App Gallery contains Huawei Mobile Services as it’s a necessary replacement for their users who are unable to use Google Play Services. “We hope that by publishing these it encourages social media companies to only access data that is functional, keep their source code up to date and reduce the amount of data they sell into the ecosystem.” “The Malcore scoring process is to give consumers visibility of what access and data is being accessed across industry. “Most applications will need a score to function, normally in the safe zone under 30 is good,” Internet 2.0 co-founder David Robinson told The Australian Financial Review. The higher the score, the greater the deemed risks and permissions, some of which may be unnecessary for the app’s operation. To come to a final score out of 100, it assigns 2.5 points per tracker or token found, 0.05 for a severity warning in code analysis results, 0.15 for a high severity warning in code analysis, 0.075 for a suspicious permission and 0.25 for a dangerous permission. Malcore scans files and programs to detect risks and malware. Trackers can be legitimate, and can help developers understand how their apps are being used and resolve potential issues.įinding the tracker on Telegram was a surprise to the researchers, but 11 trackers were found in Rakuten’s voiceover IP (internet protocol) and messaging app Viber, which received the riskiest score. Static analysis tests and examines the code without running the app, while dynamic analysis tests and evaluates as the app is running.Ī tracker can be used in an app to monitor usage and engagement, for example in analytics or advertising.
#Telegram messenger china android
Using its Malcore platform, Internet 2.0 scores apps based on code analysis of the app Android as well as the permissions it asks for on the phone. While researchers say their analysis raises questions about the safety of the app, Telegram contests the findings.Īustralian cybersecurity and intelligence firm Internet 2.0 ran static analysis of popular messaging apps Telegram, Signal, Whatsapp, Facebook Messenger, Viber and Threema Work.įacebook Messenger received the top score among messaging apps. Encrypted messaging app Telegram contains a Huawei tracker in its Android version, according to analysis by an Australian cybersecurity firm that has broken down the source code of popular mobile apps.
0 kommentar(er)
