Telegram Deleted Message 真係 deleted?

唔通係魔法?

telegramsecop

April 05, 2022

Disclaimer

以下分析以 Creative Commons CC0 1.0 Universal 發佈。當中最重要兩點,本人希望喺呢度指出:

  • 除非另有明示聲明,以著作結合本標章之人,對著作並不負擔保,對於此著作之所有使用亦不承擔責任,此免責聲明在法律允許的範圍內做最大程度的適用。

  • 當使用或引用該著作時,不得暗喻作者或指認該著作之人,為你的行為背書。

當然以上兩點並唔係完整嘅條款,如果有爭議,一概以 Creative Commons CC0 1.0 Universal 英文原文為準: https://creativecommons.org/publicdomain/zero/1.0/legalcode

另外,本人唔包保以下分析準確,亦絕不建議作出任何違反 Telegram 使用條款嘅行為。

分析

有人問 Telegram 嘅 Deleted message 可以點 save? 以下會用一個簡單嘅情景解釋。

Amy 喺佢嘅 Telegram App 度,㩒一下某個 message,再㩒一下 Delete。

然後嗰個 message 喺 Billy 個 Telegram App 消失。

中間其實發生咩事?係咪魔法?我哋可以睇下 Telegram 官方 app 嘅 code。

https://github.com/DrKLO/Telegram

當 Amy 㩒 Delete,其實係向 Billy 嘅 app 發出 delete message 嘅指令 。由收到指令去到 delete message 會發生呢啲事: (唔想睇 code 直接跳去呢度)

  1. GcmPushListenerService 會由 Google Cloud Messaging (GCM) 嘅 server 收到 “MESSAGE_DELETED” 嘅 update,然後 call 一個叫 deleteMessagesByPush 嘅 java method:

    Java method 係乜?係一個可以有好多指令喺入邊嘅物體,令 programmer 可以重復使用,唔使不斷 copy & paste. 使用 method 嘅動作叫 「call」。

    MessagesController.getInstance(currentAccount).deleteMessagesByPush(dialogId, ids, channel_id);

    source

  2. deleteMessagesByPush 又會 call markMessagesAsDeleted:

    ArrayList<Long> dialogIds = getMessagesStorage().markMessagesAsDeleted(dialogId, ids, false, true, false);

    source

  3. markMessagesAsDeleted 會 delete 同嗰個 message 嘅 media (包括 相、片、文件, etc) 同埋其他有 quote 到佢嘅地方,然後 delete message 本身。

    markMessagesAsDeleted 起始點:

    public ArrayList<Long> markMessagesAsDeleted(long dialogId, ArrayList<Integer> messages, boolean useQueue, boolean deleteFiles, boolean scheduled) {

    source

    message 正式由 telegram app 消失:

    database.executeFast(String.format(Locale.US, "DELETE FROM messages_v2 WHERE mid IN(%s) AND uid = %d", ids, did)).stepThis().dispose();

    source

    database.executeFast(String.format(Locale.US, "DELETE FROM messages_seq WHERE mid IN(%s)", ids)).stepThis().dispose();

    source

啫係點

啫係,個 app 會跟據指令,去 delete Telegram app 入面嘅訊息。

啫係,係有人可以整個唔 del message 嘅 telegram app 出嚟。Telegram 喺呢個 code repo 嘅主頁咁講:

We welcome all developers to use our API and source code to create applications on our platform. There are several things we require from all developers for the moment.

  1. Obtain your own api_id for your application.
  2. Please do not use the name Telegram for your app — or make sure your users understand that it is unofficial.
  3. Kindly do not use our standard logo (white paper plane in a blue circle) as your app’s logo.
  4. Please study our security guidelines and take good care of your users’ data and privacy.
  5. Please remember to publish your code too in order to comply with the licences.

啫係 Telegram 係開放俾唔同嘅人去自製自己嘅 app ,但係 developer 應該要遵守條款。之但係……真係所有人都會跟?Telegram 有作出反制:

Due to excessive abuse of the Telegram API, all accounts that sign up or log in using unofficial Telegram API clients are automatically put under observation to avoid violations of the Terms of Service.

啫係你一用 Telegram 嚟整 app,就 Telegram 會觀察嗰個 app 嘅用家有冇曳曳。但係只限 excessive abuse i.e. 濫用。

Telegram 點知有冇人濫用?佢冇講明,但係離唔開呢兩點:

  1. 有人 report spam / scam,而 Telegram 發現 spmamer / scammer 用嘅係 custom app
  2. 有人公開咗違反條款嘅自製 app

只係用自製 app mon po,唔公開唔 spam 人,並唔會觸發到上面兩點,啫係 Telegram 跟本唔會知。

結論

改裝咗嘅 Telegram app 冇 del message , Telegram 係唔會知㗎。

所以唔好天真以為 del 咗 message 就冇人睇到呀。