Someone recovered your deleted pictures? *OH SNAP!*
Wish there wasn't evidence of those drunken college photos? Or, pics of something that could be career-ending?
Enter Snapchat, an app available on iOS and Android that allows users to take a photo, send it to a friend, and is deleted after 10 seconds. (It's so easy, even Stephen Colbert can do it). Sounds pretty great, right?
Well...
Snapchat photos appear to live "beyond the grave" in the memory of smartphones (perhaps making the Ghost logo all the more appropriate).
Decipher Forensics recently investigated if Snapchat photos actually are deleted, or if the image and any associated metadata with such photos can be recovered. Report author used two Android devices to send and receive Snapchat photos, and found that:
The majority of Snapchat data is stored within the data/data/com.snapchat.android folder. There are four folders within this directory, with two folders within the cache folder.
Examination of the Samsung Galaxy S3 revealed that within the shared_prefs folder are several XML files: CameraPreviewActivity.xml, com.google.android.gcm.xml, com.snapchat.android_preferences.xml, and SnapPreviewActivity.xml.
The com.snapchat.android_preferences.xml file contains a listing of all the contacts stored on the device, as well as a listing of Snapchat messages. Within each message is a set of fields in XML format indicating the timestamp, the sender, whether the image was viewed, as well as other information. According to the report, even images that were "expired" were still recorded within this file. The received_image_snaps folder contains every sent image, even those that were viewed and expired.
Why does this matter?
Just because an application says it "deletes" your data doesn't mean it's truly gone. Erasing data more completely often requires a factory reset of the phone, destroying the SD card, or other more complicated steps. Snapchat's privacy policy states that "Although we attempt to delete image data as soon as possible after the message is received and opened by the recipient (and after a certain period of time if they don't open the message), we cannot guarantee that the message contents will be deleted in every case." In fact, Decipher Forensics said it would charge a fee of between $300 and $500 and at least one day to recover photos from the application. While discovering photos thought to be deleted could lead to simply an embarrassing situation for some, it could be truly dangerous for others who send pictures of human rights violations or other highly sensitive data. With minimal time and money required to retrieve such information, groups who rely primarily on mobile phones to send sensitive data could be at extra risk for having this information discovered.
Decipher Forensics plans to conduct tests on the iOS platform. To learn more about keeping your mobile communications safe, check out SaferMobile's resources as well as Security in a Box's resources on smart phone security.