Does Snapchat encrypt Memories and My Eyes Only with end‑to‑end keys that only the user holds?
Executive summary
Snapchat’s “My Eyes Only” is encrypted and protected by a user-chosen PIN, and Snapchat’s product pages state those items are stored “safe and encrypted” and “protected behind a password you choose” [1] [2]. However, public reporting and forensic analysis show Snapchat has only rolled out limited end‑to‑end encryption for some message types and that Memories as a whole are backed up to Snap’s servers, meaning the company’s claims about exclusive user-held keys are contested by independent analyses [3] [4] [5].
1. How Snapchat describes Memories and My Eyes Only
Snap Inc. explicitly markets My Eyes Only as a way to “keep your Snaps safe and encrypted, and protected behind a password you choose,” and repeatedly emphasizes that the PIN protects access even if a device is stolen [1] [2] [6], language that implies strong local protection and limited platform access.
2. What the company has said publicly about end‑to‑end encryption
Company and conference disclosures indicate Snapchat incorporated “limited use” of end‑to‑end encryption and in 2018 introduced E2EE for snaps (pictures and video) with plans to expand to messages and groups later, a modest timeline that confirms some E2EE exists but not universally across Memories and all chat features [3].
3. Independent reporting and analysis that complicates the “only the user holds the key” claim
Security commentators and penetration testers caution that Snapchat “does not currently employ” impenetrable encryption across the platform and that its protections are “relative,” noting in‑route or transport protections differ from full E2EE and that Memories are backed up online to Snap’s servers — a practice inconsistent with the strict definition of user‑only keys [4] [7]. Forensic and law‑enforcement tooling evidence further complicates the picture: analysts report tools like GrayKey and forensic suites can recover and decrypt My Eyes Only material from device caches or extracted backups in many cases, which indicates that local device artifacts and server backups can be used to access supposedly private content [5].
4. Reconciling product claims with technical reality
Snapchat’s product pages and support posts assert that without the My Eyes Only PIN “no one can view” those Snaps — “not even us” — and they warn users that PIN loss means irretrievable encryption [2] [6]. That phrasing aligns with a model where content is encrypted and tied to a user secret, but public technical commentary and forensic recoveries show two important caveats: first, E2EE has been selectively applied to certain message flows rather than universally to Memories; second, local device caches and server backups create additional attack surfaces that can allow recovery even when material is in My Eyes Only [3] [4] [5].
5. Bottom line — does Snapchat use end‑to‑end keys that only the user holds?
The answer is nuanced and must be stated as such: Snapchat applies end‑to‑end encryption to some media types and describes My Eyes Only as encrypted and protected by a user PIN, but available reporting and forensic evidence do not support a blanket claim that all Memories and My Eyes Only items are protected exclusively by user‑held E2EE keys inaccessible to Snap or recoverable only by the user; Memories are backed up to Snap’s servers and My Eyes Only has been decrypted in device forensics under certain conditions, so the practical guarantee of “only the user holds the keys” is not fully corroborated by independent analysis [3] [1] [2] [4] [5] [6].