Slashdot Mirror

← Back to Stories (view on slashdot.org)

Snapchats Don't Disappear

Posted by timothy on from the un-disappearing-ink dept.

Mobile photo-sharing app SnapChat has one claim to fame, compared to other ways people might share photos from their cellphones: the photos, once viewed, disappear from view, after a pre-set length of time. However, it turns out they don't disappear as thoroughly as users might like. New submitter nefus writes with this excerpt from Forbes: "Richard Hickman of Decipher Forensics found that it's possible to pull Snapchat photos from Android phones simply by downloading data from the phone using forensics software and removing a '.NoMedia' file extension that was keeping the photos from being viewed on the device. He published his findings online and local TV station KSL has a video showing how it's done."

19 of 85 comments (clear)

  1. But on Colbert by Anonymous Coward · · Score: 2, Funny

    The two douches who made it said it deletes it off the internet forever.

    1. Re:But on Colbert by neverwhere9 · · Score: 2

      They also said people use it to "talk," whereas if people really wanted to see each others faces, they'd use Skype. It's really a pointless app. It's boring to use to talk, and people can take screenshots of sexy pics.

    2. Re:But on Colbert by BasilBrush · · Score: 3, Funny

      People need to realize that nothing that you send to another person can ever be guaranteed to "self-destruct".

      Sure it can. I've seen it on Mission Impossible.

  2. Keep it in memory by nzac · · Score: 4, Insightful

    How hard could it be to store it in RAM as it is received and then zero out the memory when finished. Sure it is not remotely hack proof but at least when it is broken you can only get new photos.

    Or if you don't have the RAM to store the pic store an encryption key.

    1. Re:Keep it in memory by Shikaku · · Score: 4, Interesting

      Actually I do know how much it is.

      It's like 6MB, at worst. While it isn't enough for an uncompressed image, most JPEGS fall under the size limit of this.

      http://ryanolson.wordpress.com/2010/07/13/test-how-changing-the-max-amount-of-memory-per-vm-heap-can-effect-your-rom-cyanogen/

    2. Re:Keep it in memory by Osgeld · · Score: 2

      whats the difference, its not 1983 anymore, you dont run one app and shut off your machine, when was your phone rebooted last? why cant they just zero out the flash memory, what is your point of RAM, if they are not going to delete it off your phone what makes you think they are going to delete it off their SERVERs

  3. Re:Never trust an "app" to do anything. by Black+Parrot · · Score: 3, Insightful

    If you wanted actual security, you'd use a real program to do it instead of an app.

    If you wanted actual security, you wouldn't have it on a computer.

    --
    Sheesh, evil *and* a jerk. -- Jade
  4. FUD by az1324 · · Score: 3, Informative

    "However, once the photo is opened, and the timer goes off, Snapchat does in fact delete the photo."

    http://techcrunch.com/2013/05/09/actually-snapchat-photos-are-just-as-deleted-as-any-other-file-you-trash/

  5. Re:Never trust an "app" to do anything. by Anonymous Coward · · Score: 4, Insightful

    If you wanted actual security, you'd use a real program to do it instead of an app.

    If you wanted actual security, you wouldn't have it on a computer.

    If you wanted actual security, you wouldn't send it to someone else's computer.

  6. Wut. by WedgeTalon · · Score: 3, Insightful

    Forensics software? Just open up the folder. I mean, you have to rooted, but that's not really weird. Look, here's someone talking about getting pics and vids before even viewing them in Snapchat. Back in March. If you have to output something to the user, they're going to have to be able to get at it one way or another.

  7. Re:Super DURRRRRRRRR! by jtownatpunk.net · · Score: 2

    I don't see how notifying the sender does anything to change the fact that I now have a permanent copy of their junk. Or I could get a 3rd party screen capture program that doesn't inform anyone that the images has been saved.

  8. Title is Spot-On Accurate! by Warhawke · · Score: 3, Informative

    Wooh, another completely incorrect Slashdot title for the win. Because the pics DO disappear when you open them. Both from your phone and their servers. There's just an exploit where rooted phones can view/copy the pictures before they are opened/deleted. "Don't disappear" =/ discretely copyable.

    1. Re:Title is Spot-On Accurate! by Jah-Wren+Ryel · · Score: 2

      > Because the pics DO disappear when you open them. Both from your phone and their servers
      > There's just an exploit where rooted phones can view/copy the pictures before they are opened/deleted.

      No. This is explicitly about recovering the images AFTER they have been viewed. Grabbing them before they have been viewed is old news.

      This guy has proved that "deleted" just means renamed and pending actual delete. Even then it sounds like an undelete file tool could get some back. Snapchat should be overwriting the files instead of just renaming them and queuing for delete in the future...

      --
      When information is power, privacy is freedom.
    2. Re:Title is Spot-On Accurate! by Gaygirlie · · Score: 3, Insightful

      Snapchat should be overwriting the files instead of just renaming them and queuing for delete in the future...

      No. Due to wear-leveling and the likes that is not good enough for data that is supposed to be gone forever. The correct way would be for the app to generate a random encryption key in RAM, encrypt the file with that, save the file to the filesystem but keep the key in RAM, and when the app is done with the file it should overwrite the encryption key -- with proper encryption there is no way of reversing the encryption in any sort of a reasonable amount of time (1000 years) without the key.

  9. Re:Super DURRRRRRRRR! by JabberWokky · · Score: 5, Insightful

    They'd likely be in your social circles, too, so you'd catch shit for your evil deed.

    Thank goodness that people sending photographs of their genitals to other people don't have any impulsive friends, make poor choices in who to hang out with, or have ever befriended random people on the net and quickly deem them friends.

    Teens in particular are well known for making choices based on long term thinking and a strong sense of never engaging in revenge or social warfare. First world schools are a shining beacon on the hill for compassion, empathy and an overwhelming sense of equality and egalitarian concern for the mental well being of others. You are right: these people would never engage in behavior that damaged another peer. Skilled bullies and social climbers are never popular in middle school and high school, and embarrassing events are quickly hushed up.

    --
    "$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
  10. Re:I don't get it by gweihir · · Score: 2

    And then they trust something like this? "Digital natives", my ass. If that is really the use case for this thing, then people have even less of a clue today.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  11. Re:Never trust an "app" to do anything. by beelsebob · · Score: 2, Insightful

    Apps are worthless pieces of junk that never do anything correctly.

    If you wanted actual security, you'd use a real program to do it instead of an app.

    Sorry, but what's the difference? You do realise that App is short for "Application", i.e. what apple calls every program on your machine. On OS X (and iOS) the equivalent to the .exe extension is .app.

  12. Easy fix! by closer2it · · Score: 5, Funny

    All they need to do is create the ".NoMediaNoMedia" file. This will keep the photos and the file ".NoMedia" from being viewed on the device.

  13. Re:Never trust an "app" to do anything. by tsa · · Score: 3, Insightful

    Yep. He means: "Do not feed me. I'm a troll."

    --

    -- Cheers!