Facebook is hurriedly cooking up a fix to its Poke app, after a security bug allowing all videos sent through the purportedly ephemeral messaging service to be extracted was identified. “We are addressing this issue now” a spokesperson told BuzzFeed, “we should have a fix pushed shortly.” Poke – along with rival time-limited messaging app Snapchat – was caught caching videos in a temporary file on iPhones and other iOS devices, where despite the sender setting them to delete in 10 seconds or less, they could later be retrieved.
That retrieval process proved as straightforward as plugging the iPhone into a computer and using a third-party file manager app to browse through the files. Facebook Poke stored the videos in a folder buried in the iOS library, though they could be pulled out as .mov files assuming they hadn’t already been watched in the app itself. Snapchat videos, meanwhile, were found to be saved even after they were watched, something which is meant to be a one-time process.
In the end, even with more proactive clearing of the cache, the potential for somehow saving copies of images and video sent through Snapchat and Poke is high. Both apps warn the sender if the recipient takes a screenshot, though there’s no way to actually prevent it from happening; use another camera to record the screen, meanwhile, and the sender has no way of knowing what has taken place.
Ten seconds might be enough for a cheap thrill, but it’s also time enough to create a digital headache that could hang around far longer. If you keep putting your genitals in front of people, they’re inevitably going to go viral.