Exploit Discovered In Snapchat
On December 14th The Android version of the popular app Snapchat received an upgrade allowing the user the ability to view video snaps but not send them. This gave people yet another excuse to slack off at work 10 seconds at a time. However users of this app should take caution. It’s all fun and games until your video is saved to recipient’s SD card.
One of the main selling points of Snapchat is that once a picture or video is seen it’s supposed to be gone forever. However just like everything else on the internet and in tech these days, “gone forever” really means “saved somewhere”. Basically what happens is if you have a video waiting in Snapchat to be viewed and then you close out of the app without watching it, the video moves into your gallery. That’s right. Saved to your device.
The folder that these videos end up in is called “tcs_pahn”, which is created on the root of your SD card. Going into the folder allows the end user to watch the video over and over and even forward it. This takes all of the power out of the sender’s hands, which is where Snapchat intends it to be, and into the recipients. We know that you can take screen shots of the videos and pics inside the app but this is different, it saves the original content. I’m not saying everyone is evil but I’m sure you can all see where i’m going with this. We’ve all heard or read the horror stories.
This flaw apparently falls squarely on the developers of the app who must have missed the part in the developers guide outlining storage options. Applications are not supposed to create saved versions of videos onto the user’s SD card. This could all have been easily avoided by putting a .nomedia file into the tcs_pahn directory which would have essentially blocked the Android media scanner from indexing the files.
We’re going to go ahead and assume that this will be fixed through a quick update but for right now, if you’re using Snapchat be careful.
Category: Android News