When uploading content from camera roll to my eyes only on Snapchat does Snapchat have access to the content in a decrypted form during the upload process or is the upload process also private
Executive summary
When a photo or video is moved from a device’s camera roll into Snapchat’s “My Eyes Only,” Snapchat asserts those items are stored encrypted and “not even us” can view them after they are saved [1] [2], and multiple guides and reporting describe My Eyes Only as a local, passcode‑protected encrypted vault [3] [4]. Independent technical writeups and forensic tools, however, point out two practical caveats: Snapchat’s public material lacks granular technical disclosures about the exact upload/decryption steps [5], and local decrypted copies or caches can allow recovery under forensic conditions [6] [7].
1. What the company says in plain language: encryption and “not even us”
Snapchat’s product documentation and privacy pages describe My Eyes Only as a password‑protected folder where saved Snaps are encrypted and cannot be viewed without the user’s passcode, and they explicitly claim that without that passcode “no one can view these things after they are saved in My Eyes Only — not even us” [1] [2], language echoed by consumer guides and tech press that present My Eyes Only as an encrypted local vault [3] [4].
2. The technical inference repeated by third‑party guides: client‑side encryption during store/decrypt
At least one explanatory guide infers that the encryption and decryption for My Eyes Only take place on the user’s device, meaning servers never have the unencrypted media or the encryption keys during normal use — an inference that implies uploads into My Eyes Only are encrypted client‑side before any server storage [5]. That guide also notes Snapchat Web cannot directly upload into Eyes Only and that the mobile app is required to add items [5], which supports the notion that the mobile client handles the My Eyes Only workflow.
3. Forensics and practical exceptions: local caches, viewed items, and device compromise
Independent forensic reporting and tool documentation show practical limits: My Eyes Only content that has been viewed locally or exists in the application’s media cache can be recovered and decrypted by forensic tools (for example, AXIOM reports support for decrypting Memories including My Eyes Only in many situations when cached or viewed locally) [6]. In other words, while Snapchat says the saved content is encrypted, decrypted copies can exist transiently on the device or in app caches and those can be extracted if the device is accessed by forensic tools or an attacker with sufficient access [6].
4. What the code and community projects reveal about local secrets and attack surfaces
Open‑source projects and community research show Snapchat stores elements tied to My Eyes Only locally — for example, the My Eyes Only PIN is stored in app data and has been observed hashed with bcrypt in device databases [7] — which demonstrates that critical pieces of the protection model are implemented on the device and thus are exposed to local compromise techniques like rooting, jailbreaks, or forensic extraction [7]. Those findings do not contradict Snapchat’s claim about server‑side unreadability, but they underscore that the local device is the security boundary.
5. What can (and cannot) be concluded with available reporting
Combining Snapchat’s public claims with third‑party reporting yields a consistent picture: Snapchat’s stated model and independent explanatory guides indicate uploads into My Eyes Only are protected so that Snapchat’s servers should not have access to decrypted content [2] [5], yet forensic analyses and community tools document scenarios where decrypted or recoverable copies exist on the device and can be extracted if the device or app cache is compromised [6] [7]. Snapchat has not published a full technical whitepaper in the cited sources that proves every step of the upload/decrypt pipeline, so these conclusions rest on the company’s public statements plus forensic observations rather than an exhaustive vendor technical disclosure [1] [5].
Conclusion
The most defensible reading of available reporting is that Snapchat intends My Eyes Only to be client‑side encrypted such that servers do not retain readable media — meaning Snapchat should not be able to read the content in decrypted form during a normal upload into My Eyes Only [2] [5]. However, real‑world forensic work shows local decrypted copies or caches and local storage of authentication material create attack surfaces that can let content be recovered if the device or app data are compromised [6] [7]. The reporting cited does not provide a line‑by‑line cryptographic specification from Snapchat, so absolute statements about every possible edge case cannot be made from these sources alone [5] [1].