Snapchat tracking over company WiFi. What can they see, save or open?
I sent a snapchat to a coworker during company time. I was not on the work wifi, but now I believe they may have been. What will my employer be able to see from the snapchat that was sent and opened over the WiFi? I believe there is a certificate agreement in order to log in but I don't know for sure.
Snapchat used to use a famously weak crypto implementation with a global key stored in the source code to encrypt pictures at rest, so they are infamous when it comes to security.
But, luckily enough, all communication is over HTTPS. That means the owner of the network (your company) can not MitM the users (your friend) and read the content of their messages. They can, however, see who communicates with who. Since the Snapchat app communicates with the Snapchat servers, and not directly with the person the messages are adressed to, they could see that your friend used Snapchat, but not that she chatted with you or what she sent.
Some caveats that could undo this:
- Maybe Snapchat messed up the TLS implementation, and don't check the certificates properly.
- Maybe your company forced you (or in this case, your coworker since she was the one on the WiFi) to install a certificate in your trust store to allow them to inspect your HTTPS traffic.
- If these are company phones we are talking about, they could have all sorts of monitoring on the phone in place.
If any of those points apply, your company could potentially see the whole communication - the photos, the recipients, everything.
how would I look to see if they forced me to install a certificate in my trust store?
@janniepie212 it's actually the trust store of the recipient's phone as that was what was on the company net. I don't know how to check (and it will vary by phone), but it is obvious when it first happens. The phone says something like "do you wish to install this cert from...?" and you must say yes
@janniepie212 oh. Even with the cert installed, Snapchat encryption would hide the message info. You're likely safe provided use of Snapchat is not prohibited as the company could definitely tell the recipient used Snapchat (tho not likely what was said)
Not company phones. If they can see the data and that it is snapchat, can they see the images which would have my face and be a giveaway that I was on the app? Otherwise I believe they would only see my IP address and it won't reveal much about me otherwise since I don't use the work wifi. Is that correct?