Telegram, which is a posing a stiff challenge for WhatsApp in the terms of features and security was facing a flaw that exposed IP address of users when a call is initiated.
As reported by Bleeping Computer, a default setting of Telegram is to be blamed for making available the IP addresses when calls are made over P2P. The address appears in the console logs and can be accessed by anyone having access to your computer.
However, console logs are not generated on every platform. Windows version of Telegram does not display a console log while Linux version does.
Telegram advises users to change settings to disable the visibility of their IP address. Users can go to Settings > Private and Security > Voice Calls > Peer-to-Peer and click on ‘Never’ option. Changing the settings will lead to the voice calls being routed through Telegram’s servers. It will not show the IP address in the console logs but users will experience a slight degradation in audio quality.
According to the security researcher Dhiraj who talked to Bleeping Computer, while you can disable Peer to peer calls in iOS and Android, there is no such option in the desktop client of the app and its Windows application. Users of the windows application and desktop client cannot do anything to stop the leakage of their IP address.
Dhiraj reported the issue to Telegram and gained a bounty reward in return. The Telegram has fixed the issue in 1.3.17 beta and 1.4.0 versions of Telegram for desktop. The newer versions, now, have the option to disable P2P calls.