Back to Home

Cloudflare removed Spyware from Telega: incident details

Cloudflare removed Spyware status from Telega domains after verification. Developers are restoring TLS certificate and seeking return to App Store. Incident related to automatic classification and MITM accusations, but MTProto legitimacy confirmed.

Telega is clean: Cloudflare removed spyware label
Advertisement 728x90

Cloudflare Removes Spyware Label from Telega Domains After Review

Cloudflare has lifted the "spyware" (Spyware) status from the domains of the alternative Telegram client Telega: telega.me, api.telega.info, and telega.info. The developers quickly provided data confirming use of the official Telegram API and MTProto protocol. The incident lasted a day and a half, after which the classification was removed.

This unfolded amid a chain reaction: the label in Cloudflare Radar prompted GlobalSign to revoke the TLS certificate, disrupting HTTPS connections. The team is now finalizing certificate restoration and awaiting Apple's decision on reinstating the app in the App Store.

Background

On April 9, 2026, Apple removed Telega from the App Store. Searches now show a "requested page not found" message. The app remains available in Google Play and RuStore.

Google AdInline article slot

Developers attribute the removal to negative reviews stemming from the waitlist feature—introduced to combat server overload from a user surge. Apple likely saw the reviews as signals of violations.

Earlier, on March 20, 2026, an anonymous article titled "Technical Analysis of MITM Attack in Telega Client" claimed that on March 18, a hidden feature was activated to intercept traffic between the client and Telegram servers via the Telega proxy. This may have triggered Cloudflare's automatic classification.

Automatic systems like Cloudflare Radar evaluate domains based on network patterns, including analytics and interactions. Such labels don't always signal real threats and rely on heuristics.

Google AdInline article slot

Technical Details of Telega

Telega is an open-source Telegram client fully compliant with the official API. The MTProto protocol provides end-to-end encryption for secret chats and secure connections.

Key features:

  • Integration with Telegram Bot API for automation.
  • Support for MTProto 2.0 with traffic obfuscation.
  • Minimalist UI without unnecessary dependencies.

Despite MITM accusations, developers stress that traffic is not decrypted—the proxy merely relays encrypted packets. The claims in the March 20 article have not been verified by independent audits.

Google AdInline article slot

Restoring the TLS certificate is critical for HTTPS. GlobalSign revoked it based on the Cloudflare signal, but status will be reinstated post-verification.

Key Takeaways

  • Cloudflare confirmed the safety of Telega domains within a day and a half.
  • TLS certificate restoration is underway; HTTPS connections will resume soon.
  • App Store: awaiting Apple's response; app available in Google Play and RuStore.
  • Telega uses official MTProto without intercepting data.
  • Automatic classifiers respond to network patterns, not code.

— Editorial Team

Advertisement 728x90

Read Next