Telegram’s macOS desktop app has been leaking both public and private IP addresses while making voice calls. The same flaw was present in Telegram for Desktop on other platforms, as well as in Telegram for Windows …
Inputzero explains that the desktop apps didn’t allow users to disable the peer-to-peer call option which created the vulnerability.
Telegram is supposedly a secure messaging application, but it forces clients to only use P2P connection while initiating a call, however this setting can also be changed from “Settings > Privacy and security > Calls > peer-to-peer” to other available options. The tdesktop and telegram for windows breaks this trust by leaking public/private IP address of end user and there was no such option available yet for setting “P2P > nobody” in tdesktop and telegram for windows.
Telegram has addressed this by offering the option to disable peer-to-peer calls in version 4.1.