The founders of Snapchat have said it repeatedly: The app doesn’t save your data. As long as your photo isn’t subject to a nefarious screenshot, it should be lost in the ether of the digital world. And since the photo-sharing app is servicing over 150 million goofy pictures a day, it’s done a good job of convincing its users that their photos are ephemeral. They even convinced Stephen Colbert.
But an investigation by Decipher Forensics discovered that metadata from your expired Snapchats is still on your Android. Researcher Richard Hickman described the purpose of the investigation in a blog post: “We wanted to know if snaps really do “disappear forever,” if there is metadata associated with snaps, if snaps can be recovered after becoming expired, and if they can be recovered, if there is metadata associated with the expired snap. Based on the home screen for Snapchat, it is clear that these time stamps are stored some place, it is just unclear if they are recoverable. However, they are stored somewhere, even for expired snaps.”
“Metadata is basically data about data. So in this instance, the metadata is things like when the Snapchat message was sent and who sent it,” Hickman tells us. “The actual picture file is still fully intact. The app has just added a new file extension to hide the picture.”
“For an affordable price of $300-$600, parents and law enforcement can mail us phones, and we will extract the Snapchat data, and send the phone and data back in a readable format.”
Decipher Forensics conducted their investigation on an Android, and hasn’t done the same using iOS yet, though Hickman says he expects the results will be similar. And for Android, they conclusively discovered that metadata from expired snaps is present – even after Android developers created the .NOMEDIA file extension, which Snapchat uses to prevent images and image metadata from getting stored on the phone. But Decipher Forensics used AccessData’s Forensic Toolkit to bypass .NOMEDIA – and according to Hickman, the process is simple. “That file extension can be removed as easily as renaming the file in Windows without the new .NOMEDIA file extension.”
So what are the implications for Snapchat users? Well, if you want to pull this metadata off your Android and recreate an expired picture, you won’t be able to do it without certain tools. Decipher Forensics says it has the tools to pull these supposedly-transient photos back up, and it’s now offering its services to both law enforcement officials and regular Snapchat users who really want to see an expired photo. Basically for a price, Snapchats can be brought back to life, and the first use of this technology will be to help in cases of illegal activity and … well, anyone who’s willing to pony up to re-see an image.
Hickman described the process for recovering photos: “Now, how easy is this for someone to do? With the right software, very easily. I conducted this research using AccessData software, which is thousands of dollars. The average person does not need to spend that though. As a digital forensics firm, we offer for anyone wanting to retrieve their Snapchats for an affordable price of $300-$600. Parents and law enforcement can mail us phones, and we will extract the Snapchat data, and send the phone and data back in a readable format.”
Snapchat has some explaining to do. They haven’t responded to our request for comment, but this could require a major overhaul.
