36 comments

[ 4.7 ms ] story [ 91.3 ms ] thread
Holy shit. That’s overkill for a texting app for high schoolers.
Well it used to be for Dick pics.
the funniest thing is that you can still simply enable airplane mode, screenshot, and delete the app

this doesn't really do jack

Or the truely great hack of just taking a photo of your screen with another device, which my elderly aunt uses not only for perserving snapchats but also for forwarding word docs and emails.

You can't actually fix a people problem with a technology solution, but maybe you can get rich selling technology solutions all the same.

I remember back in the the late 90s when my dad asked me for a javascript solution to prevent people from right clicking on his photos (that he wanted to sell prints of) on his website and clicking save image.

He was horrified to learn what the Print Screen button on his keyboard did.

Haha, indeed. Blocking right click is so silly. It doesn’t really prevent a sufficiently motivated user, it’s just annoying.

Although if you’re talking about printing photos, you would need a very high resolution monitor to capture a decent quality photo using the print screen function. Doesn’t seem viable to use print screen in order to save a photo you intend to print, especially in the 90s when screens were rarely better than 1024x768.

Obviously there are better ways to save the high-quality original images, but I’m not sure I would really worry about print screen.

You'd be surprised how little people care about low resolution photos. Most people would rather print a crappy screen capture of an image than pay for a high quality print.
I would say it's actively harmful. If I accidentally notice that it's happening, I'm going to start actively downloading things indiscriminately.

Or maybe I'm just annoying.

They could possibly store such information using DeviceCheck, but yeah, bypassing their restrictions is fairly trivial in the real world if you put just a bit of effort into it…
Snapchat is aggressive in preventing people from reverse engineering it as a spam prevention measure. If you make it really really hard to automate its use the spammers will move on to other targets.
Exactly. That's why the presence of bots on Snapchat is close to zero and the accounts are almost certainly created by real users, unlike other platforms.

However, the daily active users on Snap is a more interesting metric than the total number of users signed up.

Citation needed. Bots add me every week, it's no different than what you find on instagram.
Even if we assume these are "manual" bots from click farms, it still doesn't fulfill Snapchat's objective.

Users hate spam, not bots per-se. Snapchat should be focusing on fighting spam, through a karma system, rate limits, etc instead of purely focusing on bots and preventing good bots (or users that appear to be bots, with alternative clients, etc) from existing.

I don't even understand what this is about.
Snapchat doesn't want technically proficient people to be a part of its social network. This is an analysis of how they achieve it on iOS.
You are being downvoted by the sacarms, but it is a very clear and concise description of unintended consequences of this.

Advanced users get root on their phones, and use linux on their computers. And as a consequence, they must fight uphill battles or outright give up their access to some tools/networks/games, effectively censoring them there for unrelated choices.

This is the modern equivalent of being silenced by email spam filters false-positives, but today, nobody gives this a thought.

Thank you for explaining it better than me.

Just to be clear, I don't consider Snapchat's decision as evil or good. "Alienating techies" vs "enabling revenge porn" isn't like your everyday dilemma.

Interesting that even apple apps with the strictest sandboxing by default still has over ten different methods of determining if a jailbreak exists. Now maybe these methods are only useful when a phone is jailbroken, but it seems that this just seems like another way of collecting information.
Many of these methods are probing for whether the sandbox exists and is in effect–on a normal device they will return errors (you tried to access something you shouldn't have) or predictable values (the libraries loaded should just be your own and Apple's) based on the app's execution. The point of such checks is that on a jailbroken device they will unexpectedly succeed due to relaxed policy enforcement or give away information that code execution is occuring. In my opinion most of these should not pass App Store Review. But Apple lets it through regardless…
The title in the blog sounds slightly confusing here. It should at least add the word 'Jailbreak' which clears up the confusion and adds more context to the readers. Thus, it should be "Snapchat Jailbreak Detection on iOS". Likewise for the Android version of the app. [0]

Otherwise a great read for the security research folks interested in reversing iOS apps.

[0] https://aeonlucid.com/Snapchat-detection-on-Android/

I expected to see use of DeviceCheck.[0]

[0]https://developer.apple.com/documentation/devicecheck

Hold your horses, DeviceCheck's jailbreak detection "features" are still in beta!
I expect this to be the first thing bypassed by jailbreakers. In fact, concentrating the checks into a single place makes it easier. Ultimately, attempting to establish security in a hostile environment (where your code is running on someone else's machine) is and will always be impossible.

Even Apple acknowledges this:

> No single policy can eliminate all fraud. For example, App Attest can’t definitively pinpoint a device with a compromised operating system. Instead, the DeviceCheck services provide information that you can integrate into an overall risk assessment for a given device.

It is mildly upsetting that it says "These tweaks can compromise the security of your account" when the reason for the bans is clearly so that it is more difficult for you to save images you receive.

https://support.snapchat.com/en-US/a/jailbroken-iphone

Presumably its for bot detection.
It's for the tweaks. For a while there was an update to update arms race between Phantom and snapchat. Snapchat would detect phantom, then the next phantom update would evade the detection, then back and forth back and forth. Phantom basically added more power to the app, along with the ability to save videos and phtos, plus some other quality of life features that took snapchat years to implement natively (groups, more design tools, access to camera roll, etc). Honestly, probably 90% of snapchats features over the past 5 years came from copying features from that tweak.

I can't imagine why snapchat is so militant, probably just some ego or personality on their dev team that doesn't want a subset of power users to emerge. It reminds me of twitter going to war with alternative clients. I tend to hold on to my phone for pretty long, and snapchat is always the first app that forces me to update my phone to the latest OS or even buy a new one entirely if I've reached the final OS for that phone.

Lying (or staying mum) to people for why you removed them from you platform is sadly all too common.
Are there any good open source libraries or even commercial tools for root detection and app code obfuscation like discussed in this thread:

https://news.ycombinator.com/item?id=23557998

Snapchat bought the team that was doing it for them, Strong.codes. But you might have luck searching for things like "LLVM obfuscator" or some of the other techniques discussed in the thread. (Obligatory disclaimer: obfuscation is not a substitute for proper server-side security.)
It refusing to work on modified devices is exactly why I don't use it. It's a little sad because I like the format (Instagram doesn't feel the same), but the clear lack of respect (they won't even tell you why the login fails on Android) is pretty disappointing.
I'm actually quite surprised that Apple allows apps on the App Store that make system calls directly, as those are as "private API" as you can possibly get. Also,

> I need to be honest, this is a very annoying way how they check for injection because it is annoying to fix. Instead of using getenv they use the environ variable. Since it is a variable, you can not “hook” it.

Once you have code execution I don't see why you can't just go change it back to how it should look…

One more interesting fact is that the checks mentioned here often catch people who are jailbreaking…and people who look like they are jailbreaking, like Apple employees with internal devices. They're indiscriminate, so if you're thinking of implementing these in your app and the many other reasons to not do so aren't enough for you, consider that you may end up annoying a number of engineers at the company that you're solely dependent on to distribute your application.

Right? I'm surprised Apple doesn't have a ban on an aligned "d4000001", aka 'svc #0', being anywhere in your executable segments. There's no reason for that unless you're making syscalls directly.

That being said, snapchat I'm sure makes an absolutely ludicrous amount of money for Apple given that Apple would be dipping into snapchat premium subscriptions. I bet they're special cased, can annoy all the Apple engineers, and not have any repercussions from it.

Interesting techniques.

I wonder if Snapchat would also flag a user if their iPhone was jail broken or otherwise hooked by NSO groups Pegasus spyware?

Depends. If the malware's job is to just pull the Messages database off the device, then no, this wouldn't find it because the exploit would likely make minimal patches to things it cares about and Snapchat would not be aware that the kernel has been compromised. But if the spyware tried to inject code into the Snapchat process–which is the only thing that malware would do that it can really check for–it's possible, but depending on the sophistication of the malware authors it's quite possible to bypass these checks.
(comment deleted)