Does Snapchat encrypt My Eyes Only files client-side before syncing to servers, and has this been audited?

Checked on January 26, 2026

Executive summary

Snapchat’s “My Eyes Only” (MEO) is consistently described in public documentation and guides as employing client-side encryption so that content is encrypted on the device before storage or syncing, and the encryption key is derived from the user’s MEO passcode—meaning Snapchat claims it cannot view unencrypted MEO content and lost passcodes irretrievably remove access [1] [2] [3] [4]. The reporting provided does not contain evidence of a formal, independent security audit of MEO’s full implementation; independent forensic tools and community research, however, show practical recovery paths in some conditions that complicate the “perfectly private” narrative [5] [6] [7].

1. What Snapchat and mainstream guides say about encryption

Multiple company-facing and educational writeups describe MEO as a locally applied, client-side encryption vault that encrypts Snaps and Memories on-device using keys derived from the user’s passcode or biometric unlock; those pieces emphasize that Snapchat itself cannot read MEO content and that forgetting the passcode means permanent loss of the encrypted items [1] [3] [4] [2]. These accounts consistently present the feature as intentionally designed to keep the decryption material off Snapchat’s servers and place key custody with the user—an architecture that raises both privacy benefits and user-responsibility drawbacks [1] [4].

2. Forensics and practical recovery: nuance that matters

Independent forensic discussion threads and tooling updates indicate MEO is not an absolute barrier in all real-world scenarios: forensic tools (e.g., Magnet AXIOM) claim they can decrypt MEO items recovered from device caches or extracted images when certain local artifacts exist, and hardware tools like GrayKey have been used in research contexts to access Memories under some conditions [5]. In addition, community code and writeups show Snapchat stores an MEO PIN-related record on-device (bcrypt-hashed) in app databases, which has spawned brute-force tooling for rooted devices—evidence that local artifacts can be exploited if an attacker has device-level access [6].

3. Security critiques and attack surface reminders

Security researchers and pen-test writeups warn that “client-side encryption” is only as strong as the device, the passcode, and implementation details. Snapchat’s broader messaging and storage model has known distinctions (images vs. text, differences in in-transit encryption), and the company does not claim a mathematically perfect, threat-proof system. MEO’s protections consequently have realistic attack surfaces: a compromised device, weak passcodes, or forensic access can blunt the benefit [7] [4]. Public guidance therefore often counsels treating MEO as strong for casual adversaries but not an absolute defense against determined, device-level forensics [4] [7].

4. The audit question: what the supplied reporting does and does not show

None of the provided sources documents a completed independent cryptographic or implementation audit of MEO by a third party, nor do they cite a public security assessment report that verifies the entire client-side key derivation, storage, and sync model; the material supplied is either vendor-facing descriptions or third-party observations about recoverability and local artifacts [1] [2] [5]. Therefore, on the evidence given, it is accurate to say MEO is presented as client-side encrypted but there is no corroborating source here showing a formal external audit of the feature’s cryptography or end-to-end implementation [1] [5] [2].

5. Bottom line and practical advice implied by the reporting

Based on these sources, MEO encrypts content on-device before it is synced or stored, and Snapchat claims it lacks access to the unencrypted data and cannot recover content if the passcode is lost. Independent forensic reporting and community tools nonetheless demonstrate scenarios where local caches or device-level access can yield recoverable content, so the protection is meaningful but not absolute [1] [2] [5] [6]. The supplied reporting does not document an independent audit; anyone for whom absolute, verifiable cryptographic guarantees matter should look for a published third-party audit or vendor security whitepaper beyond the sources available here [5] [2].
