Understand how we protect your photos and privacy
We've built our app from the ground up with security as the foundation, not as an afterthought like many other photo apps.
Let's be real: if a state-level intelligence agency with unlimited resources is specifically targeting you, no app can fully protect you.
Short of that most extreme threat model SnapSafe is engineered to protect your photos against everything else, from the most common threats like nosy friends to more extreme threats like border checkpoint searches utilizing forensic tools.
SnapSafe protects your photos across three critical dimensions:
Your constitutional rights matter. SnapSafe uses PIN protection instead of biometrics for a very specific reason: In the US, courts have ruled that authorities can legally force you to use your fingerprint or face to unlock a device, but they cannot compel you to reveal a PIN that exists only in your mind.
Sometimes the biggest threats aren't technical but social. SnapSafe requires strong PINs, prevents brute-force attacks, and even includes an emergency "Poison Pill" feature that can protect your photos if you're ever forced to reveal your PIN.
We use state-of-the-art encryption and security practices to keep your photos safe, even if your device falls into the wrong hands. Your photos never touch the disk unencrypted โ even thumbnails are stored securely.
Border checkpoints are a legal grey area, even for US citizens. If your phone is unlocked during a search, authorities have broad powers to examine its contents.
If you're crossing a border, consider these precautions:
Even if your device is unlocked, SnapSafe provides an additional layer of protection with its separate PIN system. And our "secure window" feature prevents your photos from being visible in the task switcher, even if you were just using the app.
Your PIN is your first line of defense, and we've taken steps to make it strong:
We don't allow weak PINs like "1111" or "1234". We also blacklist common PINs like "6969" to ensure your protection isn't compromised by an easily-guessable code.
Failed PIN attempts result in increasingly longer wait times between tries, making brute-force attacks impractical. This also gives you time to think if you're just misremembering your PIN.
After 10 failed PIN attempts, SnapSafe will automatically wipe all photo data. This ensures that persistent attackers can't eventually guess their way in.
Sometimes security isn't just about technology โ it's about protecting yourself in difficult real-world situations. That's why we created the Poison Pill feature.
You can set up a second PIN โ your "Poison Pill PIN." If you're ever forced to unlock SnapSafe against your will, you can enter this alternative PIN instead. The app will appear to unlock normally, but will secretly delete all your sensitive photos. The person demanding access won't know anything happened.
For added realism, you can designate certain non-sensitive photos as "decoys" that will remain visible after the Poison Pill is activated. This makes it less suspicious than if your secure photo app appeared empty when the attack gained access.
Sometimes you need to share photos, but that doesn't mean you have to compromise on privacy:
By default, we remove all EXIF data from photos when sharing, including location information, device details, and timestamps. We also randomize filenames to prevent leaking information.
Our face detection can automatically identify faces in your photos that you might want to blur before sharing. Our blurring technique is resistant to de-blurring algorithms by destroying pixel data in a non-deterministic manner.
Remember: Once you share a photo outside of SnapSafe, we can't guarantee its security. Be careful who you share with and which apps you use for sharing.
For the technically-minded, here's how we protect your photos:
We use AES/GCM 256-bit encryption, the gold standard for protecting sensitive data. Your photos and thumbnails are never stored unencrypted, even temporarily.
You can set how long SnapSafe stays unlocked after you authenticate. When your session expires, all sensitive data, such as encryption keys, are evicted from memory, protecting you from memory-based attacks.
We explicitly disable all forms of app backup to prevent your encrypted photos from being extracted through Android's backup mechanisms.
We utilize Hardware Backed keystores such as TEE or Secure Element where available, to provide the most robust protection possible on consumer hardware.
Keys are sharded and obfuscated in memory to resist memory dump attacks. If the worst happens, and your OS is compromised, we may still yet be able to protect you.
If you would like some more technical depth on how we approach security, read our technical deep dive here.
SnapSafe was built with one mission: to give you complete control over your visual privacy. In a world where photos are increasingly valuable, they are also increasingly vulnerable. We believe everyone deserves a truly secure solution.
Return to Home