Dec. 17, 2012, 11:42 a.m.
Snapchat: the latest craze sweeping iOS and Android users everywhere had a pretty substantial upgrade on December 14th, which introduced video snaps! As an Android user, I was a bit upset to see that the Android app did not get the added functionality of being able to send video snaps, only the ability to receiving and view them. Needless to say, the video snap feature was instantly a hit, and I was receiving up to 10-second long clips of my friends making foolish faces combined with an equally hilarious audio track to go along with it. This brought Snapchatting to a whole new level!
When you receive a new video Snapchat, it shows up as a purple box, with the text "Press and hold to view" next to it. When you do that, it plays the video and after the video duration is up, it is gone, never to be seen again. However, I stumbled upon something interesting completely on accident. If I refresh the screen that lists all of your incoming/outgoing Snaps, and have a video snap that I have not yet viewed and decide now is not a good time to watch it and leave the application, the video will show up in your gallery.
Fig. 1: Snapchat's incoming/outgoing view. Notice the 2 unopened video snaps
Fig. 2: The default Android gallery showing 2 videos (thumbnails hidden to protect privacy of sender), which match with the 2 unopened snaps seen above.
The videos will show up in the gallery under a folder called "tcs_pahn." Upon clicking on one, the video player will happily play the non-obscured video file just as if it were any plain old video. Hmm, this doesn't seem like it fits into Snapchat's mantra of only being able to see a video/photo once. Most people would argue, "but hey, you can screenshot photos! What's your point!?" When a user screenshots a photo in Snapchat, the sender receives a notification that the recipient has screenshotted it, when a video is viewed in the gallery, the sender has no way of knowing what has happened. The recipient is free to copy that file to a different directory to save it forever. I won't get into the morality of what should be sent via Snapchat, but rather I will discuss the technical problems with Snapchat's decisions.
My first instinct upon seeing this tcs_pahn directory in my gallery was, "where is this folder?" So, I opened up my favorite file explorer and tried to find it. The problem is that the folder wasn't hard to find at all, it was on the root of my "sdcard."
Fig. 3: The 2 .mp4 video files that correspond directly to the 2 unopened video snaps seen in the gallery.
As an Android developer, this enrages me. Did the developers take the time to even glance at the Storage Options section of the Android Developer guide? Simply put, an Android app should NEVER save data to the root of the user's sd card. There is a very specific folder structure put in place, and yet Android developers continue to ignore these guidelines.
Barring that, the developers of Snapchat had a huge disregard for the privacy of their user's video snaps by not even putting in a simple ".nomedia" file into the tcs_pahn directory. For the unaware, a .nomedia file prevents Android's media scanner from indexing the directory for use in applications such as the gallery. Just by putting in that simple file, the videos wouldn't have been indexed by Android.
The point of this post is not to bad-mouth the developers of Snapchat by any stretch of the imagination. It is instead supposed to bring light to how these simple things such as overlooking the most basic of Android Developing guidelines can lead to a snafu like this. All in all, I hope to see this fixed promptly (along with an update to allow Android users to send video snaps?) by the developers at Snapchat.
Update (June 16th, 2013)
I just wanted to write a quick update on this, now that this article has been out for half of a year. As most of you know, Snapchat fixed this glaring security bug very quickly after I posted this. But I want to take this moment to outline all of the press that this small article garnered in a very short amount of time:comments powered by Disqus