Skip to content

[ux]: Telegram integration has no documented scope or permission request boundary — users connecting personal Telegram accounts have no in-app disclosure of what data is accessed or stored #440

Description

@prince-pokharna

Labels: privacy, ux, priority: medium

Summary

ARVIO's feature list includes: "Optional Telegram integration for searching video files in your own connected channels and groups." PRIVACY.md is present in the repo but the described Telegram feature introduces a data-access surface that needs explicit in-app disclosure beyond a privacy policy document:

  • Connecting a Telegram account grants the app access to the Telegram API for that user's session — which, depending on implementation (TDLib vs. Bot API vs. MTProto), may provide read access to all channels and groups the user is a member of, not just media-specific ones.
  • Users on Android TV using a D-pad interface cannot easily navigate to PRIVACY.md before granting Telegram access — the consent moment is the in-app connection flow, not a linked document.
  • There is no documented mechanism for revoking the Telegram session from within ARVIO itself (only from Telegram's own "Active Sessions" settings), creating a confusing offboarding experience.

This is a genuine UX and privacy concern independent of whether the implementation is technically sound — the disclosure at the point of consent is what's missing.

Proposed solution

  • Add a one-screen "What ARVIO accesses in Telegram" disclosure shown before the Telegram connection flow is initiated, clearly stating: which API permission scope is requested (read messages / media only, or broader), whether any message content is cached locally or sent to ARVIO servers, and how to revoke access.
  • Add an in-app "Disconnect Telegram" option in the ARVIO settings that terminates the active Telegram session for ARVIO specifically — linking out to Telegram's session management page if full revocation requires it.
  • Update PRIVACY.md with a dedicated "Telegram Integration" section describing the data accessed, retention period, and revocation steps.

I'd like to be assigned this issue. I'd scope the disclosure screen UI and the in-app disconnect action as the implementation PR, with the PRIVACY.md update bundled in.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions