A security flaw that quietly saves private videos in Snapchat and Facebook Poke for future recovery, when the sender expects them to be deleted after a few seconds, has been identified in the new “sexting” apps. Both apps promise a simple way to share photos and video temporarily, with the promise that they’ll be deleted shortly after viewing; however, BuzzFeed discovered, a simple third-party file browser can pull the video files from a cached store on your iPhone or iPad, allowing the clips to be archived and shared.
Snapchat and Poke – Facebook’s recently released copy of the original app – each cater to the temporary messaging market. Senders of messages, photos, and video can choose how long they wish the content to be available, for up to ten seconds, after which time the promise is that they are deleted from the app and the company’s own servers.
Although a wide variety of uses are suggested, the most commonly-cited purpose for Snapchat and Poke is “sexting” where the ephemeral nature of the media leaves users more confident that DIY pornography won’t hang around to haunt them later. While screenshots can be saved on the device, both apps warn the sender that a shot has been taken.
This new hack, however, gives no such warning. Users simply need to load – but not open – any received clip, then plug their iOS device into their computer and use a third-party file browser such as iFunBox to navigate through to the Snapchat/Poke temporary file folder (either Snapchat/tmp or library/caches/fbstore/mediacard). The video clips are stored there; in Facebook’s case, they are deleted after being watched, whereas Snapchat appears to save them forever.
The hack only works with videos – photos don’t appear to be cached – but serves as another warning that even the most casual digital content could be extracted if users have the right tools. Despite the relative simplicity of the cache access, Snapchat doesn’t appear to be concerned. “The people who most enjoy using Snapchat are those who embrace the spirit and intent of the service” founder Evan Spiegel told BuzzFeed. “There will always be ways to reverse engineer technology products — but that spoils the fun!”