[csydas]

>> Personally, I wasn't worried: since 2011, when I was still living in Russia, I’ve got used to assuming that all my phones were compromised.

I know it's fun to slam on Telegram (and for sure its encryption has flaws, I really don't think anyone denies this), but everyone needs to understand the mindset of Durov and what I'm guessing is the mindset of russian-born telegram developers: your phone can be compromised, and easily at that.

I think this is something very important for everyone to remember when the discussion of encryption and messaging comes up.

The level of encryption in transit doesn't matter if your adversary has full access on your phone that can just screenshot and pull local messages of whatever they want.

NSO's ridiculousness hopefully has made it very clear that it doesn't matter which phone/OS you're using; full access to your phone is a salable item for basically anyone with the interest in having it, and this is only the software we know about.

Journalisst, Activists, or even just someone looking for a fun weekend is at risk with modern phones and messaging; it does not matter about tapping the communication in-between if they can just screenshot/copy your phone on the fly.

Be careful about what you use your phone for.

[shantara]

In my previous job I have worked for a company that developed enterprise focused encrypted chat apps. When interviewing potential hires, one of the first general questions we asked was to give a high-level list of possible attack vectors on an installed app and its user data. Very few developers even considered the OS and device themselves as a potential threat, despite these interviews taking place well after Snowden revelations.