Snapchat Analysis with iPhone plists and Android databases
OUR Analysis So Far on user.plist…
Based on our current analysis, we have found that the Android device has provided us with more obtainable information from SnapChat than the iPhone 5. On the iPhone, the user.plist provided the most information about the application and the associated metadata regarding the username and messages sent/received while using the application. We have found evidence that the iPhone logs precise geolocation data within this plist. However, besides some basic information regarding the transmission of messages from one user to another, the pictures and messages appear to be encrypted. We discovered that the encryption method being used is AES-128, which could potentially be cracked. For our Android device we are using a Nexus 5; we are able to view all pictures that were sent from the device, located in the database com.snapchat.android. This database also retains the screenshots that were taken using the device, including both the full-size and thumbnail versions of the picture. Unfortunately, most of the information found within the plist had been encrypted, as we progress through our research we will be looking into ways to get around it.
Our next step in our analysis is to look for additional information regarding the geolocation data, to see if this is exclusive to just the iPhone. We then want to discover if we can find the received photos from the Android, along with further transmission information. Then we will continue to investigate the transmission data on the iPhone and if it can be discovered within the user.plist.