Telegram, the popular messenger with 800 million monthly active users worldwide, is inching closer to adopting an ecosystem strategy that is reminiscent
This actually is not a bad thing. If an unofficial client MITM the whole registration process, it’s much harder for the true account owner to prove that he/she is the legit one.
Also, it doesn’t really require a client to register; Telegram can be accessed from a browser.
If unofficial app can MITM registration, it can the same way MITM login later.
doesn’t require a client
A side note, JavaScript app in the browser is as much an app as Java/Kotlin on Android. But I know websites and web-based applications are now so mixed together it sometimes can confuse me too.
And browser version of Telegram does not allow registering new accounts also.
Compared to login, MITM on registration means the culprit knows the IP address and the time of the registration, which is usually significant on claiming the account back.
I don’t have a spare number to test, but I’m pretty sure entering a phone number in the web sends SMS. Do you have concrete evidence that it really doesn’t work?
This actually is not a bad thing. If an unofficial client MITM the whole registration process, it’s much harder for the true account owner to prove that he/she is the legit one.
Also, it doesn’t really require a client to register; Telegram can be accessed from a browser.
If unofficial app can MITM registration, it can the same way MITM login later.
And browser version of Telegram does not allow registering new accounts also.
Compared to login, MITM on registration means the culprit knows the IP address and the time of the registration, which is usually significant on claiming the account back.
I don’t have a spare number to test, but I’m pretty sure entering a phone number in the web sends SMS. Do you have concrete evidence that it really doesn’t work?
Unfortunetly not, I must test it also.