Functionality
To start setting up the app, select "Settings", then "Privacy". In the "Security" section, select "Passcode". Think of and enter four digits (or click on the button in the form of 3 dots in the upper right corner, select "Use password" and enter a character set). The "Passcode Lock" screen appears.
To lock the app immediately when the application is minimized, change the auto-block after 1 minute to auto-block after 1 second. If auto-lock was set to 1 second, then if you enter a fake passcode, it will change to 1 minute.
In the original app, a timer appears after several unsuccessful attempts to enter the passcode. The first delay is 5 seconds and increases after each unsuccessful attempt. The maximum delay is 30 seconds. Unfortunately, this delay may not be sufficient. To find out a digital passcode it is necessary to pick it up continuously for 3.5 days. This is a difficult but realistic task.
If Brute Force Protection protection is enabled, after 8 unsuccessful login attempts the app will reject the passcode within 15 minutes. This does not visually change anything. So, an intruder can try to guess the passcode every 30 seconds, but even the correct set of digits will be rejected. 15 minutes after the locking starts the app will allow login. If the passcode is wrong, PTelegram will be locked again for 15 minutes.
If this option is active, each time you lock the app by pressing the lock button above the dialog list, the cache will be cleared. In this case, if the application is manually locked, an attacker will not be able to access cached photos and other data without logging into the application.
The app stores information about failed passcode attempts. This can be viewed in the passcode settings under "Bad Passcode Attempts". "App Login" means that the passcode was entered when logging in to the app. "Settings Login" means that the passcode was entered when logging in to the passcode settings. If the passcode was fake, the corresponding text will be shown. Information about logging in with a fake passcode is always saved, even if it was possible to log in with it.
It is possible to set up photography with the main camera, front camera or both cameras. In this case, after an unsuccessful login attempt, an entry will be added to the log along with photos. To save to the gallery, long press the photo. This function may not work correctly! Sometimes a photo may not be taken or a photo from only one camera may be saved. This function can be dangerous! Sometimes a sound may be produced during taking a photo. If the front camera is pop-up, an intruder may suspect that the app has taken a photo. Ensure in advance that the function works correctly on your device!
To add a fake passcode, open the "Passcode Lock" screen, scroll to "Fake passcodes", select "Add fake passcode". Think of and enter a password to be used in an emergency (or some other) situation. You will be taken to the "Fake Passcode" screen. You can delete this fake passcode by clicking on "Delete Fake Passcode" at the bottom of the screen. Fake passcodes will be in the same form as the original: either numeric (4 digits) or character (any character set).
By default, a fake passcode allows you to sign in to the app, but you can change this. If the login is denied, all configured actions will be performed, but the attacker will see that the passcode he entered did not work.
If there is a chance that intruders can gain access to the real passcode, this option will prevent them from knowing what settings the fake passcode had (which messages were deleted, which channels, chats, dialogs were deleted).
Activating this option will delete all other fake passcodes.
You can setup an activation message for a fake passcode. When this message is received, the configured actions will be executed. In this way, the fake passcode can be activated remotely by a user who knows the message to be sent. The message can be received from any contact and in any chat. The activation also occurs when a push notification with the activation message is received.
This function may not work correctly! The message can be received at different moments of the application or even when the application is closed. Depending on this, some actions may not be executed or may not be executed correctly. This must be considered during configuration.
For a fake passcode, you can set the number of failed passcode attempts after which actions will be executed.
A fake passcode can be activated by a timer after some time of inactivity. The timer starts after closing, minimizing and locking the application. The time when the phone was turned off is also counted by the timer. The timer is reset in the following cases:
- An application was opened and it was not locked with a passcode. For example, if auto-lock has not been enabled or has not yet been triggered.
- The application was unlocked with any passcode, including a fake one. Entering an incorrect passcode will not reset the timer.
If several fake passcodes are set to activate by timer, they will be activated one by one, in ascending order of timer time. If a fake passcode is activated with a set timer (even if the activation of the passcode was not by timer, but by entering a fake passcode manually), other fake passcodes will be activated by timer only if they have more time to activate, than the current passcode.
This feature may not work properly. The timer may not work if the app was closed when the timer expires, or if the system settings restrict app background activity. For the function to work correctly, it is recommended to disable the battery usage restrictions of the application and do not close it. It is recommended to disable the app's battery usage limits and keep it open for the feature to work properly.
A fake passcode can be activated when you scan your fingerprint. This feature is not available if fingerprint activation is disabled in the master passcode settings. Fingerprint activation can only be configured for one fake passcode.
The app saves downloaded images, videos, audio, and voice messages to the phone memory. An intruder can easily access them. To avoid this, the cache can be cleared when a fake passcode is entered.
This feature can lower the masking of the application! If the cache is cleared, the app will re-download user photos, chats, chat media. This can help an intruder realise that the login was with a fake passcode. However, we still recommend using this feature, as the consequences of not clearing the cache could be worse.
The proxy list may contain proxy addresses that can be used to find out some information about a person. For example, if the list contains cyber partisan proxy addresses, the person may have been subscribed to the relevant channel. Clearing the proxy list can help avoid disclosure in this way. Clearing proxies is done last. This means that other network related actions (sending messages, terminating other sessions) will be performed through the proxy if it has been connected.
To set up actions for accounts, add a fake passcode or select an existing one. Scroll down the screen to "Actions for accounts". Select an account. This opens a screen where you can set the actions for the selected account when you enter a fake passcode. Different actions can be set up for each account.
You can back up a fake passcode so you can restore it later. This option may be needed after reinstalling the application, switching to a new device, or deleting the passcode. The backup is a set of characters that contains the encrypted data of a fake passcode. The encryption key is the passcode itself. This backup string must be copied and stored in a safe place.
To recover the fake passcode, you must click on the "Recover Fake Passcode" button, which is located under the list of fake passcodes, insert the fake passcode backup string and enter the corresponding passcode.
If a fake passcode is entered, a message may be sent to a Telegram contact. Once sent, the message is deleted. Deleting the chat will not prevent the message from being sent.
Add geolocation. If you select this option, geolocation will be added to the message. The option will not be available if the app has not been given permission to retrieve the location. For masking purposes, at the time of sending, the app does not determine the location, but uses a cached data. That is, if the user has recently opened the maps application, the location will be sent, which was at the time of opening. This means that if the maps were opened a long time ago, the geolocation will be out of date. Also the geolocation may not be added to the message.
If this option is set, a fake phone number will be displayed when logging in with a fake passcode.
Entering a fake passcode can delete specified dialogs, chats, and channels. If the dialog was a chat rather than a single user dialog, the deletion will exit it. It is also possible to set additional deletion settings:
- Deleting from Companion. By default, dialogues from a companion are not deleted. This option applies only to dialogs with users, not to chats or channels.
- Delete New Messages. After deleting a dialog with a user, new messages from that user will be deleted when you receive them. If you leave this option selected for the Telegram service account, no login codes will be displayed in the app. Messages will not be deleted from chat partners. This setting may lower the masking of the app! Deleting a chat with the Telegram service account may cause an intruder to realise that the app has been modified. Unless an intruder has information that a message is to come from the user, it is safe to leave this setting. Otherwise, it is better to disable it. This option applies only to dialogs with users and bots, not to chats or channels.
- Delete All My messages. This option allows you to delete all the user's messages in a chat before logging out. If messages are not deleted, an intruder may retrieve them even though you have logged out of the chat. On the other hand, deleting all messages from a chat room may make users who are in the chat room suspicious. It is therefore worth activating this setting depending on the circumstances. This option applies only to chats, not to user dialogs or channels.
- Hide. Instead of deleting a conversation, chat, or channel, you can hide it. In this case, the chat will not be deleted and it will not be exited. Instead, it will be hidden from all lists in the app while correspondent fake passcode is activated. After logging in with a valid passcode these chats will reappear in the app. This is useful if you don't want to delete or exit the chat. This setting is not secure! There is no guarantee that a chat will be hidden from all lists in the app. It may be visible in some places. If possible, it is better to use deletion than hiding.
If a fake passcode is entered, contacts with other users can be deleted.
If a fake passcode is entered, all sets of stickers can be deleted.
If this option is activated, logging in with a fake passcode will clear the search history for chats and hashtags.
If this option is activated, the blacklist will be cleared after a fake passcode is entered.
If the option is activated, entering a fake passcode will log you out of your Telegram account on this device. With this function, you can make some accounts hidden. They will appear in the list of accounts when you log in with a regular passcode. Logging in with a fake passcode will log out of the hidden accounts and an intruder will not know of their existence. This feature is similar to the idea of a double bottom. The only difference is that when using false bottom, there is no need to re-login to the hidden account.
This function can lower the masking of the application! If all accounts have been logged out, the initial login window will be displayed. This may help an intruder to know that a modified application is in front of him. It is highly recommended to sign out only part of the accounts. In this case the masking is not reduced.
This feature will not be enabled when you re-login to your account! If you log out of your account (due to the activation of a fake passcode or manually) and log in again, you will need to re-enable this option and other passcode settings for the account.
If the option is activated, when a fake passcode is entered, the selected account will be hidden from the list of available accounts. You will not receive any notifications from the hidden account.
There must not be more than 3 accounts left visible in the app after entering the passcode. This means that if there are more than 3 accounts in the app, some of them must be set to log out or hidden. The app will automatically configure hiding for the required number of accounts. You can always change these settings yourself.
The app will not allow you to hide all accounts or leave more than 3 accounts visible. In addition, it is highly undesirable to set the hiding for 3 or more accounts, as it reduces the masking of the app.
This setting is not secure! There is no guarantee that an account will be hidden from all lists in the app. Perhaps in some places it can be seen. If possible, it is better to use account logout than hiding.
If the option is activated, entering a fake passcode will log you out of Telegram on the selected devices.
The "Selected" option allows you to select specific sessions to end. If new sessions added before the fake passcode is entered, they will not end. The "Except selected" option allows you to select exception sessions that will not end. All other sessions will end when a fake passcode is entered. Including those that will be added after setting up a fake passcode.
Dangerous. If you do not have access to the phone number to which the account is registered, ending all sessions may result in the loss of access to the account.
If the option is enabled, if you enter a fake passcode, the selected sessions will not be displayed on the device from which the passcode was entered.
The "Selected" option allows you to select specific sessions to hide. If new sessions added before the fake passcode is entered, they will not be hidden. The "Except selected" option allows you to select exception sessions that will not be hidden. All other sessions will be hidden if you enter a fake passcode. Including those that will be added after setting up a fake passcode.
When you enter a fake passcode, the saved channels buttons are hidden. If it is necessary to clear the list of stored channels use the appropriate action. in this case, even after entering the real passcode, it will not be possible to know which channels have been saved.
The main feature of the application is fake passcodes, but apart from them there are other features that increase the security and convenience of users. If necessary, such features can be disabled or enabled using Partisan Settings.
Partisan Telegram will notify you about some problems with the security of your account and the application as a whole. Once a month, the application will check and if problems are found, it will offer to check them in the application settings. In addition, security issues can be found in the relevant section of the privacy settings.
The following issues are currently being checked:
- The presence of Root on the device;
- Enabled debugging via USB;
- Disabled cloud password;
- Low privacy settings.
Security issues will disappear from the list as they are resolved. When all problems are eliminated, the offer check them will disappear from the application settings.
You can ignore the problem by clicking on the cross next to it. Ignored issues will no longer appear in the list of issues, and the suggestion to review in the settings will disappear if you ignore all issues found. In order to return ignored issues back to the list, click on the button with 3 dots in the upper right corner and select "Reset Ignored Issues".
The list of security problems is intended to draw your attention to some problems if they exist, and not to convince you of your safety in the absence of them. An empty list does not mean you are safe. Always test potential problems yourself.
Partisan Settings allow you to enable and disable additional functionality of the application. They can be found in the passcode settings. After enabling or disabling certain features, you may need to reopen the window affected by the toggled setting. Some settings, such as "Avatar Disabling", "Chat Renaming", "Saved Channels" offer to clear the data associated with them when disabling.
To change the name of the chat, you need to open its page with the description, click on the button with 3 dots at the top right and select "Change chat name". The changed name will be saved locally and will have no effect on chats on other devices.
This feature is not suitable for interrogation! When unlocking with a fake passcode, the original chat and channel names will be displayed. Therefore this function is not applicable in such a situation. Use deleting chats or logging out of your account in case of a fake passcode instead.
Chat rename buttons can be disabled in the Partisan Settings.
To disable the avatar of a chat you need to open its description page, click the 3 dot button on the top right and select 'Disable avatar'. Please note that if your chat does not have an avatar, you will not be able to disable it. Once disabled, the avatar will be replaced by a circle with one or two letters corresponding to the name of the chat.
This feature is not suitable for interrogation! Chat and channel avatars will not be hidden when unlocked with a fake passcode. Therefore, this function is not applicable in such a situation. Use deleting chats or logging out in case of a fake passcode instead.
Avatar disabling button can be disabled in the Partisan Settings.
To delete all your chat messages, you can press the 3-dot button at the top right of the chat (not in the description of the chat) and select 'Delete messages'.
Buttons for deleting messages from a chat can be disabled in the Partisan Settings.
For advanced deletion options, uncheck "Delete All My Messages". A dialog box will prompt you to enter the line whose occurrence will be checked in the messages. By default, the search is carried out case insensitive. To do a case-sensitive search, select the "Match case" option. To search using regular expressions, select the "Regular expression" option.
If you want to send a message that will be deleted after reading it, take a long press on the send message button. Next to the "Schedule message" and "Send without sound" buttons there will be a menu item called "Delete as read". Select it and set how much time after reading the message should be deleted. Note that the message is deleted by the sender app, not by the Telegram server. This means that if the application from which the message was sent is closed, the message will not be deleted automatically.
The pages of users, chats, channels display their IDs. If a fake passcode is entered, they will be hidden. Alternatively, they can be disabled in the Partisan Settings.
You can use the "Saved channels" tab to read public channels (or chats) without subscribing.
In order to save a channel or chat, you need to select the channels in the dialog list and click on the corresponding item in the menu.
Alternatively, you can save the channel from its window.
Saved channels are stored locally on the device and are not synced across apps. Channels are sorted by date of last post. You can pin some of the channels and sort them in the order you want. The number of pinned channels is not limited.
If you enter a fake passcode, the saved channel buttons will be hidden. If you need to clear saved channels, you must use the Clear saved channels action. If saved channels are not used, they can be disabled in the Partisan Settings.
Technical details. Saved channels are stored as a list of usernames. For example, the Cyber Partisans channel has the username cpartisans. It is present in links like https://t.me/cpartisans and @cpartisans. For this reason, it is not possible to save a private channel, i.e. a channel without a username. If a channel changes username or becomes private, it will disappear from the list.
Setting react can deanonymize a public chat admin if they write anonymously. In order not to accidentally put a reaction, you can disable the ability to install them in the Partisan Settings. In this case, the set reactions will be visible.
By default, "Данное сообщение (материал) создано и (или) распространено иностранным средством массовой информации..." is cut out from the messages and posts of the Russian media. If necessary, this behavior can be disabled in Partisan Settings.
When you lock your phone, you can set the app to minimize or close. If the application is minimized, the home screen will open when unlocking, and Telegram can be found in recent applications. This will allow you not to draw the attention of the attacker to the application. If the "Close" option is selected, when locked, the app will close and will not be available in recent apps. In addition to the main action, you can set up clearing the cache. If cache flushing is enabled, then the main activity will not run until the cache is cleared. This may slightly increase the time after which the application closes. When first activated, the time can increase significantly if the cache is too large.
If this option is enabled, drafts will be cleared when the screen is locked.
The call button can be disabled so that you do not accidentally call the interlocutor during a conversation. The button is disabled only in the dialog window, but remains in the user profile. When you enter a fake passcode, the call button is displayed everywhere.
If the option is activated, the "Delete for all"/"Also delete for the other party" checkbox will be automatically checked in the confirmation window for deleting a dialog or messages.
Partisan Telegram disguised as the official app downloaded from telegram.org and the app icons match that version, not the Google Play version. If you want the app to be disguised as a version of the official app from Google Play, enable the "Google Play App Icons" option in Partisan Settings.
Important! After enabling this option, the application icon will not change everywhere and in some menus it will remain the same as it was when the application was installed, that is, without a white outline. Please note that the app cannot perfectly disguise itself as an official application, and specialists may understand that they are dealing with a modified client.