Snapchat, a popular photo-sharing app, is similar to IM or text messaging. The only difference is that images replace text in the midst of quick messaging. One of the features most users enjoy is the fact that photos disappear shortly after picture messages are sent and supposedly never be resurfaced by the sender. The recipient view time is also restricted to a few seconds before the image self deletes.
Enter digital forensics examiner named Richard Hickman, who has found a way to view the supposed deleted images on an Android device. The exploit, similar to the one uncovered by Buzzfeed back in December, only hides the images and does not actually delete them. Snapchat stores each image in the “RECEIVED_IMAGES_SNAPS” folder. When the image’s time to live has expired, a “.NOMEDIA” extension is added to each photo file. This makes the photo difficult but not impossible to find.
Hickman states “The actual app is even saving the picture. They claim that it’s deleted, and it’s not even deleted. It’s actually saved on the phone.”
It has been noted that it takes up to six hours to resurface the photos on Androids devices and it also depends on how much data is stored on the device. Snapchat has responded to the exploit first reported by the Business Insider:
“There are many ways to save snaps that you receive – the easiest way is to take a screenshot or take a photo with another camera. Snaps are deleted from our servers after they have been viewed by the recipient.”
In line with Hickman’s findings, Snapchat only makes note that the photos are deleted from Snapchat’s servers and not from the devices itself.
Source: Decipher Forensics