Image: Mashable composite. Snapchat
By Karissa Bell2014-10-11 02:53:11 UTC

Your Snapchat photos and videos may disappear from the app, but the messages can still be saved indefinitely without your knowledge.

All it takes is downloading one of many readily available third-party apps.

While it appears the purported Snapchat photo hack was a hoax, the incident raises some longstanding questions about the security of the popular ephemeral messaging app.

There are dozens of apps in the App Store and Google Play that allow you to easily save incoming photos and videos without the other person knowing. We’ve highlighted a couple of the more popular below— notably all three allowed us to view incoming Snapchats without even opening them in the main app. Simply log in with your Snapchat credentials and the apps are able to quickly capture all incoming photo and video messages.

SaveSnap, one of the more popular Snapchat-saving apps, will warn you before you save images that you are violating the other user’s privacy, but it doesn’t stop you from saving them anyway. The app allows you to save five messages for free and with subsequent saves requiring an in-app purchase.


SaveSnap warns you before saving images you are violating the other user’s privacy.

Image: SaveSnap

Quick Save not only captures incoming photo and video messages, but allows you to view (and save) your friends’ Snapchat Stories and send your own photo or video messages with the app.

Quick Save

Quick Save allows you to view and save incoming photo and video messages on Snapchat and also send your own messages to other users.

Image: Quick Save

SnapSave, whose interface looks a lot like Snapchat’s, also takes a freemium approach— allowing users to unlock a limited number of photos and videos for free with more available with an in-app purchase. The app allows you to save incoming messages, view Stories and share your own Snaps with friends.


SnapSave’s UI looks a lot like Snapchat.

Not only are there dozens more apps like these in both app stores, many are profiting by charging users for premium upgrades, such as the ability to save unlimited numbers of photos and videos. Ten of these Snapchat-saving apps reached a combined 1.7 million downloads in Google Play alone, according to the FTC.

For its part, Snapchat says these apps violate its terms of use and essentially blames hacking victims for using these services.

Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our ToU.

— Snapchat (@Snapchat) October 10, 2014

In a statement given to Mashable, Snapchat reiterated that third-party apps violate their terms of use and said the company has “succeeded in getting many of these removed.”

We can confirm that Snapchat’s servers were never breached and were not the source of these leaks. Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users’ security. We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting many of these removed.

But security experts and other critics say policing the app stores aren’t enough and that the company can and should be doing more to fix the issue— namely by adjusting their API so it can’t be used by third-party developers. Snapchat doesn’t publicly share its API, but developers have reverse engineered it, which has enabled the proliferation of third-party Snapchat clients— a problem the company apparently hasn’t yet addressed, according to security researchers.

Embedding a cert into the SnapChat client would have prevented attackers from being able to access the API, even with the user’s credentials

— ashkan soltani (@ashk4n) October 10, 2014

Furthermore, Snapchat is well-aware of this problem and has been for some time. As researcher Ashkan Soltani pointed out on Twitter, the Federal Trade Commission raised concerns about third-party apps back in May when it filed its complaint against the company for how messages were characterized within the app.

Ouch, @snapchat is already under order by @FTC for letting 3rd party apps use their API

— ashkan soltani (@ashk4n) October 10, 2014

According to the FTC complaint, Snapchat was warned of the vulnerability presented by third-party apps as early as June 2012. Though Snapchat reached a settlement with the FTC and agreed to make changes, fixing the third-party app vulnerability was apparently not among them.

Have something to add to this story? Share it in the comments.