Open-source third-party Telegram client with not many but useful modifications. - [Spyware, Malicious code] Malicious Code Injection and User Data Leaking in Release Binaries · Issue #336 · Nekogram/Nekogram
So, assuming good faith, they used two Telegram bots for some service functionality
these two bots are used to resolve username from user id, eg tg://user?id=25
Obviously, that should never happen silently. But these findings don’t necessarily mean data has been compromised [beyond the scope of the app itself].
I get they may be very frustrated and annoyed at the negative blowback after their FOSS efforts, but dismissing concerns isn’t a good way to respond.
So, assuming good faith, they used two Telegram bots for some service functionality
Obviously, that should never happen silently. But these findings don’t necessarily mean data has been compromised [beyond the scope of the app itself].
I get they may be very frustrated and annoyed at the negative blowback after their FOSS efforts, but dismissing concerns isn’t a good way to respond.