Researchers at software company Symantec exposed a vulnerability which lets hackers change media files in the Android versions of encrypted messaging apps WhatsApp and Telegram.

The flaw, known as Media File Jacking, takes advantage of the apps’ use of external storage for media files and data.

In a blog post, Symantec CTO Yair Amit and software engineer Alon Gat explained that unlike internal storage, which is only accessible to the app itself, external storage presents an opportunity for files to be altered by other apps and users.

This particular attack occurs in the small window of time between when files are received by the device and loaded into the apps’ interface for users to view, during which hackers can manipulate images, payment information and audio messages.

“Think of it like a race between the attacker and the app loading the files. If the attacker gets to the files first – this can happen almost in real time if the malware monitors the public directories for changes – recipients will see the manipulated files before ever seeing the originals.”

The vulnerability is present in WhatsApp for Android by default and is possible on Telegram for Android when the “save to gallery” feature is enabled. The researchers said the issue is “especially concerning in light of the common perception that the new generation of IM apps is immune to content manipulation and privacy risks”.

However, in a statement to The Verge, WhatsApp said it has “looked closely at this issue” and insisted it “follows current best practices provided by operating systems for media storage and looks forward to providing updates in line with Android’s ongoing development”.