Though Snapchat has been picked on, picked apart, and blown up in the media, the technical aspects of the service are still somewhat mysterious to the average user. A new research report from a company called Decipher Forensics is looking to shed a little light on how the service “deletes” photos you send through Snapchat.
According to Decipher, Snapchat photos are renamed with a .jpgnomedia extension to hide that photo from your phone, under /data/data/com.snapchat.android. The computer forensics company claims that they can retrieve these photos both before and after they’ve expired within the app.
The only catch is that you need to use their $9,000 forensic software, and you’re in luck! They’re only charging $300 to $600 to do so.
This is what we, in the media industry, like to call FUD. Or worse, FUD to drive sales.
Here’s the scoop.
Decipher’s findings only relate to rooted Android smartphones, and require the use of this special, expensive forensic software. When Phil and Jerry tried to break into a rooted HTC One to see all the dirty snaps hiding under the surface, they actually found that you can only retrieve Snapchat photos before they’ve expired.
In fact, Snapchat does rename the file when its sent to your phone. First, the sender takes the picture, which is sent to Snapchat servers, and then delivered to the phone. Once the photo is delivered to the recipient, Snapchat deletes that photo off of its servers, so the only alternative is that it’s stored locally on the phone.
To keep it from showing up in your gallery or elsewhere, Snapchat hides the photo with the .jpgnomedia extension that Decipher mentioned. As Phil explained, “Snapchat has to see the photo to serve up to you, right?”
Jerry and Phil confirmed that, on a rooted phone, while the photo is delivered but still unopened, users can absolutely delve into the file system and retrieve, rename, and view these photos. This app helps. That’s what happens when you root your phone and open it up.
However, once the photo is opened, and the timer goes off, Snapchat does in fact delete the photo. Phil and Jerry confirmed that they could no longer retrieve photos once they were expired.
Decipher argues that those photos aren’t deleted, and remain renamed with the .jpgnomedia extension even after they expire. But, our own digging proved otherwise. Phil and Jerry said that once the photo expired on Snapchat, the “original file in the protected data folder was no longer available, and was deleted.”
Of course, a company like Decipher can still retrieve photos once they’ve expired because they have the software to do so. The same software that retrieves deleted child porn from pedophiles computers, and the same software that digs through digital trash cans for incriminating bank statements, emails, etc.
But your average Joe, or even AndroidCentral tinkering wizards, can’t actually dig into the phone and find all the embarrassing snaps you’ve sent them.
This comes down to the nature of deletion. When you delete something from your computer, it’s not actually gone. No, not even if you empty the trash can. Instead, the file is re-designated (much like Snapchat renames photos that haven’t been opened) to make it so that photo is non-viewable, and doesn’t surface in the Finder.
It’s not until the bits that comprise the file, a series of 1′s and 0′s, are written over that the file is actually gone, and replaced with something new.
So, if you delete a picture on your computer, and empty the trash can, I would have a tough time finding that picture. Decipher Forensics? It would take them no time at all.
Here’s what Snapchat co-founder Evan Spiegel had to say in a snarky response to Decipher’s findings:
There are many ways to save snaps that you receive. The easiest way is to take a screenshot or take a photo with another camera. Snaps are deleted from our servers after they have been viewed by the recipient.
Long story short, don’t panic. And chew on this: Snapchat wasn’t built to be a super secure messaging platform. The whole reason for the self-destructing pictures isn’t to keep your titty shots safe; it’s to create a new type of sharing wherein you live in the moment, not in the digital footprint you leave behind.