"We are abusing a well-known feature of deleting messages here, which allows users to delete messages which are sent by mistake or genuinely to any recipient. It was observed that once the message (image) is sent to the recipient, it still remains in the internal USB storage of the recipient which is located at `/Telegram/Telegram Images/` path", Mishra said.
"Telegram is a messaging app which focuses more on privacy files here, nevertheless, I reported this to the Telegram security team and followed the responsible disclosure guidelines, and a fix was pushed for this issue in version 5.11 in Telegram for Android. Also, I was awarded a bounty of 2,500 euros [$2,760]", he added.
The statement comes after Telegram updated on 9 September its app to version 1.8.4 for iOS and version 5.11 for Android, saying it would feature "bug fixes and other minor improvements".
Telegram currently has over 10,000,000 downloads on the Google Play Market for Android and is ranked as the number two social networking app on the App Store for iOS.