@ Braydon Fuller
2024-08-25 04:19:35
When was the last time the Telegram client code had a security audit?
https://github.com/DrKLO/Telegram
Taking a quick look, two things stand out: committed binary library files, and huge commits very much lacking commit notes and details, just version bumps.
Binary files could be deterministically built and compared to known hashes. Commits could include notes about the changes in smaller increments. It appears that many changes are made in private and then only pushed live at each release; lots of opportunity for underhanded coding.
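
The check suggested in the post above (rebuild the binaries deterministically, then compare them to known hashes), sketched as an added example that is not part of the original post or of the Telegram project. The manifest format, the extension list and the sample file tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Extensions treated as prebuilt binaries (assumption; adjust per repository).
BINARY_EXTS = {".so", ".a", ".jar", ".aar", ".dll", ".dylib"}
ELF_MAGIC = b"\x7fELF"

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def is_binary_artifact(path):
    # Catch binaries by extension, and extension-less ELF files by magic bytes.
    if os.path.splitext(path)[1].lower() in BINARY_EXTS:
        return True
    with open(path, "rb") as f:
        return f.read(4) == ELF_MAGIC

def audit_binaries(repo_root, manifest):
    """manifest maps repo-relative path -> SHA-256 from an independent reproducible build."""
    out = {"match": [], "mismatch": [], "unlisted": [], "missing": []}
    seen = set()
    for dirpath, dirnames, filenames in os.walk(repo_root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not is_binary_artifact(full):
                continue
            rel = os.path.relpath(full, repo_root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in manifest:
                out["unlisted"].append(rel)      # committed binary nobody rebuilt
            elif sha256_file(full) == manifest[rel].lower():
                out["match"].append(rel)
            else:
                out["mismatch"].append(rel)      # differs from the rebuilt artifact
    out["missing"] = sorted(set(manifest) - seen)
    return {k: sorted(v) for k, v in out.items()}

def demo():
    # Constructed sample tree: one good library, one altered, one unlisted ELF, one source file.
    files = {"libs/libgood.so": b"\x7fELFgood", "libs/libbad.so": b"\x7fELFaltered",
             "tools/helper": b"\x7fELFtool", "src/Main.java": b"class Main {}"}
    manifest = {"libs/libgood.so": hashlib.sha256(b"\x7fELFgood").hexdigest(),
                "libs/libbad.so": hashlib.sha256(b"\x7fELForiginal").hexdigest(),
                "libs/libgone.so": hashlib.sha256(b"\x7fELFgone").hexdigest()}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        return audit_binaries(root, manifest)
```

A non-empty `mismatch` or `unlisted` list is what a reviewer would follow up on; matching hashes are only meaningful when the manifest comes from a build done independently of the party that committed the binaries.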