Snapchat is user disempowerment patterns taken to their logical conclusion: The developer has full access to all their data, while the users have none.
The other big players have been moving in that direction, making it less and less accessible and exportable, but Snap takes the cake.
> The other big players have been moving in that direction
Not so, TikTok actively lets you download videos in a convenient format. I think that helped it grow too, since they embed a watermark and add a splash screen at the end. Certainly that's how I first found out about the platform. That said, this seems to be disabled in some regions (not sure if you can opt in).
>We don't need any forensics tools. We can simply use adb pull to fetch the files because they are never deleted. But once you logout from the app and after Snapchat deletes the Snaps, you will need the right forensics tools to recover the files.
This feels like a bug, no? I don't see any logical reason for Snapchat to keep the files around that long.
App developers on Android rarely bother to clean their app caches. Open Apps in settings, sort by size, check top entries and you'll be surprised. Explain to me why the hell does Instagram need 500 MB of cache.
Kind of a bummer I don't know of any method to mass clear cache data of all apps on my non-rooted Galaxy S8. It'd save a lot of space and was possible on ancient HTC phones with Android 2.3.5.
Edit: I experimented with wiping cache partition in recovery mode, but this ain't it - as the name suggests it's a separate partition.
Not sure about Android but iOS will automatically clear caches only if your free storage gets low. So if you have a lot of storage space, those numbers are probably expected.
If an app can accumulate 500MB of cache without pain to the app developer, I suspect cache management programming will remain a practice&skill mostly only for only systems programmers and the more bespoke backend programmers.
I assume Insta invests in engineering for whatever cache expiration they do. And if there's 500MB cache, probably it's a conscious engineering decision.
But maybe the majority app developers, if they could fill up cache, probably aren't thinking that far ahead -- not thinking about that non-visual, non-customer-story aspects. So most wouldn't have occasion to learn how to do cache management sufficiently well that they don't cause stability or performance problems.
...or they just don't care about users space on devices, and say "how deep does the top 1% of users scroll?", multiply that by average video size, and set the cache at a level, that makes the app download every photo only once, even for "the worst" users.
I'm probably preaching to the choir, but when people run out of space (real or percieved), they sort by size to figure out what app to remove. Even if the user does cycle through many apps because they can't fit all the ones they want at the same time (and many do), there's always a chance that they don't come back. And, if they do come back, verification is a cost center. Either directly, through SMS or voice costs, or indirectly, through support needs as people invariably forget their password, or their email address, or their username or even their phone number.
But hey, if the big names don't want to deal with it, more room for smaller teams.
Android will routinely clear out cache as it ages or when other apps need more space. The developers don't need to worry about cache usage if the OS is handling it all for them. The problem is that all the apps get a quota so you can quickly run out of space on the device unless you either have a lot of internal storage or can move the gluttonous apps to an SD card. I keep social media apps on internal storage since I usually want things to load quickly but keep apps that cache movies or music on the SD card since that's fast enough.
The Reddit android app seems to quickly balloon up to 500MB of storage and some more cache on top of that. I genuinely don't know how they do it.
I think there could be a real watershed moment in a few years as companies realize that rising to the technological challenge isn't actually that expensive or even difficult if you hire people with the right combination of arrogance and brains. Rage against the latrine.
It prefetches every image and post as you scroll. Even some of the unofficial apps will do this too but may give you an option to turn it off. A large portion of the cached data is videos depending on the subreddits you subscribe to. Wipe the cache and scroll through reddit without clicking anything, the cache will be massive. Make a new account and only sub to text subreddits and you'll see the cache massively decline.
At the end of the day, the data has to live somewhere. If not on disk, then in memory or straight from the network. If the device is rooted, then the user would technically have access to any of these, so it doesn't really matter.
I believe Snapchat has an option to reopen the snap you just viewed, but I don't think it's available for very long - maybe a couple minutes after viewing tops?
No excuse I can think of for the media existing for more than a few minutes post-viewing.
yea this is ridiculous, they have lied through their teeth about what happens on Android. tho of course its probably half clueless negligence or a missed change, half not caring. all the same
I don't think an app has the kind of low level access required to actually wipe something from memory. Unless android has an API with a function to do so. I assume you are just telling the OS to delete the file and the OS does that however it normally does that. Truly wiping a file from storage requires overwriting it with random data.
That doesn't seem to be the case here, because the files are actually deleted once the user logs out of Snapchat. So it's obviously the Snapchat app itself that is triggering the file deletion, not the OS.
With wear leveling and modern filesystems, it's harder than that actually overwrite the file on disk (for modern definitions of the word disk). The operating system will ask the storage device to delete the data, but there aren't actually guarantees that the storage device actually listened to the operating system's request to delete the data.
Which is why if you care about sensitive data not being recoverable from failed media (eq. banking database, PII, mediacal records, etc.) you should always use full disk encryption (LUKS, bitkeeper, veracrypt, etc.).
That way anything one could recover from that device afterwards would be effectively random noise to them without the decryption key, regardless how the firmware of the device actually wrote the individual data blocks.
Does anyone else remember when it was possible to extract snapchat messages that haven't been viewed yet because they had some ridiculously easy to find encryption key, hardcoded in the app? It was found running 'strings' and trying each one for the key and boom, one little script and you could just do this really easy for a long time even after knowledge of how to do it had been made public. This was so long ago, not sure what they did to change this at all -- No surprise at all they don't random-out the files here.
> Does anyone else remember when it was possible to extract snapchat messages that haven't been viewed yet because they had some ridiculously easy to find encryption key, hardcoded in the app?
In ~2016 on Android, incoming messages that haven't been read yet weren't encrypted at all. You could just look at the app's SQLite database and find the message contents somewhere in the message table. The sending party would never known you had read it.
This is neat but I suspect its practical value isn't that high. The type of people who want permanent access to incoming snaps just run screen recorder software.
The other big players have been moving in that direction, making it less and less accessible and exportable, but Snap takes the cake.