Permanent deletion by default after a predetermined amount of time is the gimmick that drove Snapchat users to upload more than 150 million photos a day in April. Problematically, Snapchat’s promise of permanent deletion may not reflect reality.
According to a piece of research published last week by mobile forensics researcher, Richard Hickman of Decipher Forensics, “snaps” create and locally store what is called metadata (data about data), which could actually be used to recover expired Snapchat photos.
The technical explanation of Hickman’s research is fairly dry, but the gist of his work is that Snapchat stores just enough of this so-called metadata on user-phones that it is possible to rebuild Snapchat photos after they allegedly expire on Android devices. It’s not clear if the photos are recoverable on iOS devices or if Snapchat videos are recoverable. Hickman will need to do more research to determine is these are possible as well.
Obviously, Snapchat won’t last very long if it touts itself as a sender of non-permanent images and videos but actually sends fairly permanent photos and videos. I mean, really, what’s the purpose of a Snapchat without its photo deletion feature? It’s like drinking Four Loko after the Food and Drug Administration put stops to the whole alcoholic-energy-drink thing.
So what should you do? Well, for now, it’s pretty hard to recover expired Snapchat photos. The process is technically demanding and time-intensive and I doubt that any of your knucklehead friends will be able to do it. However, you should have in the past and should continue to assume moving forward that nothing that happens online is ever deleted. Again, assume there is no such thing as permanent deletion online and react with skepticism whenever someone claims that something can be permanently deleted online.
It obviously doesn’t really matter if a dumb picture of you and your friends is supposed to go away forever but doesn’t. It’s a vastly larger problem if you are trusting Snapchat to communicate highly sensitive information. In a recently published Kaspersky Daily piece, we speculated that, depending on its security, Snapchat could potentially be a good place to communicate secret information. We now know that that is a bad idea.
It’s well known that poorly implemented ‘HTTPS’ that can lead to data breaches is a ubiquitous security problem among mobile applications. Elcomsoft researchers also found that “Many password management apps offered on the market do not provide adequate level of security.”
The moral is this: if you are storing, sending, or trying to protect sensitive data, then you should not rely upon proprietary, non-standards based applications. There are plenty of good, secure communications channels out there, so don’t risk it.