Cloudflare Removes Spyware Label from Telega Domains After Review
Cloudflare has lifted the "spyware" (Spyware) status from the domains of the alternative Telegram client Telega: telega.me, api.telega.info, and telega.info. The developers quickly provided data confirming use of the official Telegram API and MTProto protocol. The incident lasted a day and a half, after which the classification was removed.
This unfolded amid a chain reaction: the label in Cloudflare Radar prompted GlobalSign to revoke the TLS certificate, disrupting HTTPS connections. The team is now finalizing certificate restoration and awaiting Apple's decision on reinstating the app in the App Store.
Background
On April 9, 2026, Apple removed Telega from the App Store. Searches now show a "requested page not found" message. The app remains available in Google Play and RuStore.
Developers attribute the removal to negative reviews stemming from the waitlist feature—introduced to combat server overload from a user surge. Apple likely saw the reviews as signals of violations.
Earlier, on March 20, 2026, an anonymous article titled "Technical Analysis of MITM Attack in Telega Client" claimed that on March 18, a hidden feature was activated to intercept traffic between the client and Telegram servers via the Telega proxy. This may have triggered Cloudflare's automatic classification.
Automatic systems like Cloudflare Radar evaluate domains based on network patterns, including analytics and interactions. Such labels don't always signal real threats and rely on heuristics.
Technical Details of Telega
Telega is an open-source Telegram client fully compliant with the official API. The MTProto protocol provides end-to-end encryption for secret chats and secure connections.
Key features:
- Integration with Telegram Bot API for automation.
- Support for MTProto 2.0 with traffic obfuscation.
- Minimalist UI without unnecessary dependencies.
Despite MITM accusations, developers stress that traffic is not decrypted—the proxy merely relays encrypted packets. The claims in the March 20 article have not been verified by independent audits.
Restoring the TLS certificate is critical for HTTPS. GlobalSign revoked it based on the Cloudflare signal, but status will be reinstated post-verification.
Key Takeaways
- Cloudflare confirmed the safety of Telega domains within a day and a half.
- TLS certificate restoration is underway; HTTPS connections will resume soon.
- App Store: awaiting Apple's response; app available in Google Play and RuStore.
- Telega uses official MTProto without intercepting data.
- Automatic classifiers respond to network patterns, not code.
— Editorial Team
No comments yet.