The Telegram messenger provides users with the People Nearby function, thanks to which it is possible to determine the location of the social network client with an accuracy of several tens of meters.
Enthusiast Ahmed Hasan posted a message about the vulnerability found on his blog . Several years ago, he already reported a similar flaw to the Line messenger development team. The creators of the messenger paid Hassan a bonus of $ 1,000 and fixed the problem.
Although Telegram only shows the distance to a particular user in the list, you can determine its exact location using triangulation. To do this, you need to change your location twice, marking each time the distance to the user, and then draw three circles on the map with a center in your coordinates and a radius equal to the found distance. The user will be at the intersection of the circles. At the same time, you can only find those who use the “People nearby” function.
It is worth noting that alternative solutions in other applications for calculating the distance between users provide for the addition of a random number to the coordinates, which makes it impossible to determine the real geolocation, but in the case of Telegram, the developers decided to neglect this additional security measure.