Snapchat is a popular multimedia chat app with an allegedly vanishing history. Users can send pics or videos and set an expiration in seconds. After viewing the content for the prescribed duration… poof, it’s gone. I was bored and playing with Forest when I noticed that the app sends an alert to the sender when their message is captured using iOS’s screen capture function. I was actually impressed with the forethought. Unfortunately, that impression did not last long.
It took me less than 20 minutes and only 3 messages to take advantage of Snapchat’s prebuffering to capture the message permanently without revealing that I had even viewed it. I did this all with the latest Snapchat on the latest iOS on a stock iPhone 6s+ (no jailbreak).
Honestly, I find this kind of thing a lot in applications not designed specifically for security. Non-authenticated data is sent before the authentication for speed or some other performance reason that negatively impacts security. Kinda like client-side authentication: sure, there is a reason for it, but that doesn’t make it a good idea. I am certainly not the only one to figure this out. It seems that the basics of this method have been known for at least a year.
UPDATE (6-15-16): Tested again with the newest Snapchat app. Still working.