Not so secret: X’s new encrypted chat feature puts users at risk, experts say



Summary

EXIF data

While most chat applications remove EXIF data from photos, which can contain location information, XChat does not.

Closed source

Experts are expressing concern over the fact that the code for XChat is not publicly accessible.

‘Malicious insider’

X says that XChat’s current implementation could allow “a malicious insider or X itself” to access private chats.


Full story

A new end-to-end encrypted chat feature on the social media platform X does not remove sensitive metadata from images, which could lead to the unintended exposure of information such as GPS coordinates. Straight Arrow News made the discovery after gaining early access this week to the beta version of XChat.

In a controlled test, SAN confirmed that images sent between users retain what is known as EXIF data, the metadata a camera writes into the image file itself. It can include the pixel dimensions, the date and time the photo was taken, the make and model of the camera and, if location services were on when the picture was shot, the GPS coordinates of where it was taken.

SAN was able to determine that an image sent over XChat was taken with a Google Pixel 8 Pro in the parking lot of the Kansas City airport. The photo was captured on May 12 of this year at 10:45 a.m.

Jacob Hoffman-Andrews, senior staff technologist at the Electronic Frontier Foundation, told SAN that the presence of EXIF data could lead users to “inadvertently disclose their home, or their current location.”

“Social media sites and chat apps have developed a good norm of stripping metadata by default, which prevents this sort of inadvertent disclosure,” he said. “And people who use those apps have developed an expectation that metadata is stripped. If XChat is failing to strip metadata, it’s putting its users at risk.”

Prominent apps such as Signal, widely considered the gold standard for end-to-end encrypted messaging, remove EXIF data from images by default. A blog post from X detailing the chat feature does not make mention of image metadata.
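To make the problem concrete, the following added example (not code from X, Signal or the article) shows both halves of what the story describes: reading the GPS coordinates out of a JPEG's Exif block, and the stripping step a messenger is expected to perform before an image leaves the device. It uses only the Python standard library and builds its own test input, a constructed JPEG shell that carries an Exif GPS block but is not a decodable picture; the coordinates in the usage call are made-up sample values, not the ones from the photo in the story.

```python
import struct

# JPEG marker codes used below
SOI, SOS, APP0, APP1, COM = 0xFFD8, 0xFFDA, 0xFFE0, 0xFFE1, 0xFFFE


def split_jpeg(data):
    """Return (segments, tail): the (marker, payload) list before the first SOS,
    and everything from SOS onward, which is entropy-coded data we never touch."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    segments, pos = [], 2
    while pos + 4 <= len(data):
        marker, length = struct.unpack(">HH", data[pos:pos + 4])
        if marker == SOS:
            break
        segments.append((marker, data[pos + 4:pos + 2 + length]))
        pos += 2 + length
    return segments, data[pos:]


def _gps_from_tiff(tiff):
    """Walk IFD0 -> GPS IFD inside an Exif TIFF block; return (lat, lon) in decimal degrees."""
    bo = {b"MM": ">", b"II": "<"}[tiff[:2]]          # byte order declared by the TIFF header
    u16 = lambda o: struct.unpack(bo + "H", tiff[o:o + 2])[0]
    u32 = lambda o: struct.unpack(bo + "I", tiff[o:o + 4])[0]
    type_size = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8}        # BYTE, ASCII, SHORT, LONG, RATIONAL

    def entries(ifd):                                 # yield (tag, type, count, data offset)
        for i in range(u16(ifd)):
            e = ifd + 2 + 12 * i
            tag, typ, count = u16(e), u16(e + 2), u32(e + 4)
            # values of 4 bytes or less live in the entry itself, larger ones at an offset
            data = e + 8 if count * type_size.get(typ, 0) <= 4 else u32(e + 8)
            yield tag, typ, count, data

    gps_ifd = next((u32(d) for tag, _, _, d in entries(u32(4)) if tag == 0x8825), None)
    if gps_ifd is None:
        return None
    fields = {}
    for tag, typ, count, d in entries(gps_ifd):
        if typ == 2:                                  # ASCII: "N"/"S" or "E"/"W"
            fields[tag] = tiff[d:d + count].rstrip(b"\x00").decode()
        elif typ == 5 and count == 3:                 # three RATIONALs: degrees, minutes, seconds
            fields[tag] = [u32(d + 8 * k) / u32(d + 8 * k + 4) for k in range(3)]
    if not {1, 2, 3, 4} <= fields.keys():
        return None
    to_deg = lambda ref, v, neg: (-1 if ref == neg else 1) * (v[0] + v[1] / 60 + v[2] / 3600)
    return to_deg(fields[1], fields[2], "S"), to_deg(fields[3], fields[4], "W")


def gps_from_jpeg(data):
    """Location embedded in the Exif APP1 segment, or None if there is none."""
    for marker, payload in split_jpeg(data)[0]:
        if marker == APP1 and payload.startswith(b"Exif\x00\x00"):
            return _gps_from_tiff(payload[6:])
    return None


def strip_metadata(data):
    """Drop every APP1..APP15 segment (Exif, XMP, IPTC, and the Exif thumbnail that rides
    inside APP1) plus comments; keep APP0/JFIF and the decoder tables. Pixels are untouched."""
    segments, tail = split_jpeg(data)
    out = bytearray(b"\xff\xd8")
    for marker, payload in segments:
        if marker == COM or 0xFFE1 <= marker <= 0xFFEF:
            continue
        out += struct.pack(">HH", marker, len(payload) + 2) + payload
    return bytes(out) + tail


def build_sample_jpeg(lat, lon, comment=b"constructed sample"):
    """Constructed test input: a JPEG shell (not a decodable picture) whose Exif block
    carries GPS tags. lat/lon are (ref, degrees, minutes, seconds) tuples."""
    entry = lambda tag, typ, count, val: struct.pack(">HHII", tag, typ, count, val)
    ascii4 = lambda tag, s: struct.pack(">HHI4s", tag, 2, 2, s.encode() + b"\x00")
    dms = lambda t: b"".join(struct.pack(">II", round(v * s), s) for v, s in zip(t[1:], (1, 1, 1000)))
    seg = lambda marker, payload: struct.pack(">HH", marker, len(payload) + 2) + payload
    # Layout (big-endian): header 0..7, IFD0 at 8, GPS IFD at 26, lat rationals at 80, lon at 104
    ifd0 = struct.pack(">H", 1) + entry(0x8825, 4, 1, 26) + struct.pack(">I", 0)
    gps = (struct.pack(">H", 4) + ascii4(1, lat[0]) + entry(2, 5, 3, 80)
           + ascii4(3, lon[0]) + entry(4, 5, 3, 104) + struct.pack(">I", 0))
    tiff = b"MM\x00\x2a" + struct.pack(">I", 8) + ifd0 + gps + dms(lat) + dms(lon)
    return (b"\xff\xd8" + seg(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + seg(APP1, b"Exif\x00\x00" + tiff) + seg(COM, comment)
            + seg(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x00\x00" + b"\xff\xd9")


if __name__ == "__main__":
    photo = build_sample_jpeg(("N", 39, 17, 51.36), ("W", 94, 42, 50.04))
    print("as sent:", gps_from_jpeg(photo))                   # about (39.2976, -94.7139)
    print("after stripping:", gps_from_jpeg(strip_metadata(photo)))  # None
```

Two practical points the code makes visible. First, stripping is a whole-segment operation: the Exif APP1 segment also carries an embedded thumbnail, which can show an uncropped version of the picture, so removing individual GPS tags is not enough. Second, the parser above handles the common Exif layout only; a production stripper should either re-encode the image or use a maintained library, and should treat an image with unparseable metadata as something to strip, not something to pass through.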

X did not respond to a request for comment.

No ‘basic protections’

TechCrunch reported on Friday that XChat has drawn concern from cryptography experts. Unlike Signal and other encrypted messengers that publish their source code so outsiders can review the cryptography, X has not made XChat's code publicly available.

And while industry best practice is for users' private encryption keys to be generated and kept only on their own devices, X says it stores those private keys, protected only by a four-digit PIN, on its own servers instead.

The social platform acknowledged in its blog post that XChat’s current implementation could allow “a malicious insider or X itself” to access conversations, rendering the end-to-end encryption moot.

“An end-to-end encrypted chat application should be architected in such a way that even the service provider, by design, cannot read the messages, even if they wanted to,” Martin Shelton, the deputy director of digital security at Freedom of the Press Foundation, told SAN. “Right now, it appears XChat does not provide these basic protections.”
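Why a four-digit PIN is such a thin layer of protection for a key held by someone else is easy to show. The following added example (not X's design or code; the wrapping scheme and key sizes are assumptions made for the demonstration) stores a private key the way a server might, wrapped under a PIN-derived key, and then does what anyone holding that stored blob can do: try all 10,000 PINs offline.

```python
import hashlib
import hmac
import os

# Deliberately small so the demo finishes in well under a second; a real KDF would use
# hundreds of thousands of iterations, which slows every guess by the same factor but
# does not change the fact that there are only 10,000 guesses to make.
KDF_ITERATIONS = 100


def wrap_private_key(private_key, pin, salt):
    """Blob a server would store: a 32-byte private key XOR-wrapped under a PIN-derived
    key, plus a truncated HMAC so the holder can tell a correct PIN from a wrong one.
    (Hypothetical scheme for illustration; XOR-wrap stands in for a real key-wrap.)"""
    kek = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, KDF_ITERATIONS, 32)
    wrapped = bytes(a ^ b for a, b in zip(private_key, kek))
    tag = hmac.new(kek, wrapped, hashlib.sha256).digest()[:16]
    return salt + wrapped + tag


def unwrap_private_key(blob, pin):
    """Recover the key if the PIN is right, else None."""
    salt, wrapped, tag = blob[:16], blob[16:48], blob[48:64]
    kek = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, KDF_ITERATIONS, 32)
    if not hmac.compare_digest(hmac.new(kek, wrapped, hashlib.sha256).digest()[:16], tag):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, kek))


def brute_force_pin(blob):
    """What anyone holding the stored blob can do offline, with no rate limit in the way:
    walk the entire four-digit PIN space and stop at the PIN whose tag verifies."""
    for n in range(10_000):
        pin = f"{n:04d}"
        key = unwrap_private_key(blob, pin)
        if key is not None:
            return pin, key
    return None


if __name__ == "__main__":
    user_key = os.urandom(32)            # the user's hypothetical chat private key
    blob = wrap_private_key(user_key, "4817", os.urandom(16))
    pin, key = brute_force_pin(blob)
    print("PIN found:", pin, "key recovered:", key == user_key)
```

The search space is the whole point: a PIN this short can only be safe if something the attacker cannot bypass limits the number of guesses, for example a guess counter enforced inside tamper-resistant hardware that the operator's own staff cannot read keys out of. The article reports only that the keys sit on X's servers behind a PIN, and X's own blog post concedes that an insider could reach the chats, which is exactly the attacker this loop models.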

XChat also does not implement what is known as forward secrecy, often called perfect forward secrecy. With forward secrecy, each message or session is protected by a short-lived key that is derived, used and then discarded, so an attacker who obtains a user's keys at some later point cannot decrypt the messages that were sent before.

In XChat's case, a single long-lived key protects the conversation, so compromising that one key would give an attacker access to every message encrypted under it, past and future. X says it is working on introducing some form of forward secrecy.
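The difference between the two designs is easiest to see side by side. The following added example (not XChat's or Signal's code; the one-way KDF chain is the standard symmetric-ratchet construction and the stream cipher is a toy stand-in for a real AEAD) encrypts a short constructed conversation two ways, then models an attacker who steals the device's key material after the second message. Under a single static key everything is readable; under a ratchet, only what comes after the theft.

```python
import hashlib
import hmac


def kdf(key, label):
    """One-way derivation step; cannot be run backwards to recover `key`."""
    return hmac.new(key, label, hashlib.sha256).digest()


def xor_stream(key, data):
    """Toy stream cipher for the demo: XOR with SHA-256(key || counter) blocks.
    Stands in for the real AEAD a messenger would use; encrypt and decrypt are the same."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class Ratchet:
    """Symmetric KDF chain: every message gets a fresh key, and the chain key that produced
    it is overwritten, so a later device dump cannot reconstruct earlier message keys."""
    def __init__(self, chain_key):
        self.chain_key = chain_key

    def next_message_key(self):
        message_key = kdf(self.chain_key, b"\x01")
        self.chain_key = kdf(self.chain_key, b"\x02")   # advance; the old chain key is gone
        return message_key


def static_send(key, messages):
    """No forward secrecy: the same long-lived key protects every message."""
    return [xor_stream(key, m) for m in messages]


def static_attacker_view(ciphertexts, stolen_key):
    """Steal the key once and every message, old or new, falls out."""
    return [xor_stream(stolen_key, c) for c in ciphertexts]


def ratchet_send(root, messages):
    """Returns the ciphertexts and, for each send, the chain key left on the device
    immediately afterwards (what a compromise at that moment would capture)."""
    r, ciphertexts, states = Ratchet(root), [], []
    for m in messages:
        ciphertexts.append(xor_stream(r.next_message_key(), m))
        states.append(r.chain_key)
    return ciphertexts, states


def ratchet_attacker_view(ciphertexts, stolen_chain_key, stolen_after):
    """Attacker who captured the chain key right after message `stolen_after` (1-based).
    Earlier message keys came from chain keys that no longer exist and cannot be recomputed
    from the stolen one; later keys can be, because nothing has re-keyed yet."""
    r = Ratchet(stolen_chain_key)
    view = [None] * stolen_after
    for c in ciphertexts[stolen_after:]:
        view.append(xor_stream(r.next_message_key(), c))
    return view


if __name__ == "__main__":
    msgs = [b"first", b"second", b"third", b"fourth"]   # constructed sample conversation
    key = b"\x11" * 32
    print("static key, stolen once:", static_attacker_view(static_send(key, msgs), key))
    cts, states = ratchet_send(key, msgs)
    print("ratchet, stolen after msg 2:", ratchet_attacker_view(cts, states[1], 2))
```

Note what the ratchet does and does not buy: messages before the theft stay protected, messages after it do not, because the stolen chain key still generates every later key. Signal closes that second gap by periodically mixing in fresh Diffie-Hellman output (the "double ratchet"); the symmetric chain alone gives forward secrecy, not recovery from a compromise.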

X also says that XChat, which began rolling out in June, does not encrypt the metadata about the chats themselves. That means information such as who messaged whom and when remains visible to X. Signal, by contrast, is designed so that its servers retain as little of this information as possible.

“It is important to note that while the message content itself is encrypted, associated metadata (e.g., recipient, creation time, etc.) is not,” X wrote. “If Posts are shared in an encrypted chat, X will have a record that those Posts were shared.”

For now, experts caution users to avoid XChat for sensitive conversations.

Cybersecurity professional Ryan Montgomery told SAN he was “absolutely mind blown” that XChat doesn’t strip EXIF data.



Why this story matters

XChat's encrypted messaging feature does not remove sensitive metadata from images and falls short on key security practices, raising concerns about user privacy and data exposure.

User privacy risks

Images sent through XChat retain metadata such as GPS coordinates and camera details, which could inadvertently reveal personal information like the sender's location.

Encryption limitations

Experts note that XChat does not implement best practices for secure communication, such as perfect forward secrecy or user-controlled encryption keys, potentially weakening user data protection.

Transparency and industry standards

XChat's security code is not open source and its retention of message metadata contrasts with industry leaders like Signal, prompting criticism from privacy advocates and cybersecurity professionals.
