If you though that the end-to-end encryption of Whatsapp or Telegram apps mean that what you do on these platforms is totally anonymous, think again.
The Verge has reported that the media files that you receive on your phone via these apps can be prone to ‘media-file-jacking’. This means that any photo or video that a user receives in the messenger app and gets stored in the external storage can be accessed and manipulated by malware which has access to such storage.
WhatsApp, by default, stores media through external storage, and Telegram does so when the app’s “Save to Gallery” feature is enabled. This is done so that images received on one app can be accessed by another app – like sharing a photo you received on WhatsApp with a photo editing app on your phone. If an app only used internal storage to save images, then it will need to broken into access such files. This security-relaxation thus helps in more functionality.
But this also means malware can even access a media file that you received even before you see it. But you have to understand that this is not a WhatsApp-only issue. Any app that uses external storage to store media is vulnerable to this.