Labels: privacy, ux, priority: medium
Summary
ARVIO's feature list includes: "Optional Telegram integration for searching video files in your own connected channels and groups." PRIVACY.md is present in the repo but the described Telegram feature introduces a data-access surface that needs explicit in-app disclosure beyond a privacy policy document:
- Connecting a Telegram account grants the app access to the Telegram API for that user's session — which, depending on implementation (TDLib vs. Bot API vs. MTProto), may provide read access to all channels and groups the user is a member of, not just media-specific ones.
- Users on Android TV using a D-pad interface cannot easily navigate to
PRIVACY.md before granting Telegram access — the consent moment is the in-app connection flow, not a linked document.
- There is no documented mechanism for revoking the Telegram session from within ARVIO itself (only from Telegram's own "Active Sessions" settings), creating a confusing offboarding experience.
This is a genuine UX and privacy concern independent of whether the implementation is technically sound — the disclosure at the point of consent is what's missing.
Proposed solution
- Add a one-screen "What ARVIO accesses in Telegram" disclosure shown before the Telegram connection flow is initiated, clearly stating: which API permission scope is requested (read messages / media only, or broader), whether any message content is cached locally or sent to ARVIO servers, and how to revoke access.
- Add an in-app "Disconnect Telegram" option in the ARVIO settings that terminates the active Telegram session for ARVIO specifically — linking out to Telegram's session management page if full revocation requires it.
- Update
PRIVACY.md with a dedicated "Telegram Integration" section describing the data accessed, retention period, and revocation steps.
I'd like to be assigned this issue. I'd scope the disclosure screen UI and the in-app disconnect action as the implementation PR, with the PRIVACY.md update bundled in.
Labels: privacy, ux, priority: medium
Summary
ARVIO's feature list includes: "Optional Telegram integration for searching video files in your own connected channels and groups."
PRIVACY.mdis present in the repo but the described Telegram feature introduces a data-access surface that needs explicit in-app disclosure beyond a privacy policy document:PRIVACY.mdbefore granting Telegram access — the consent moment is the in-app connection flow, not a linked document.This is a genuine UX and privacy concern independent of whether the implementation is technically sound — the disclosure at the point of consent is what's missing.
Proposed solution
PRIVACY.mdwith a dedicated "Telegram Integration" section describing the data accessed, retention period, and revocation steps.I'd like to be assigned this issue. I'd scope the disclosure screen UI and the in-app disconnect action as the implementation PR, with the PRIVACY.md update bundled in.