SnapchatBot

Prevent Snapchat's Forced Logout

Open neuegram opened this issue 9 years ago • 6 comments

I'm sure in testing y'all have noticed it logs you out whenever you log in elsewhere. This is a problem for 3rd party apps on iOS / Android / etc. I've come up with a way to connect with the Snapchat API while avoiding this. I'm not sure of its limitations, but at the very least it should be able to retrieve snaps.

neuegram, Mar 13 '15 04:03

What's your way?

Mine is simply running an infinite loop where you create a bot and log in. I catch HTTPErrors and another one I can't quite remember, and I wait 3 minutes before continuing the loop.

Rob--, Mar 13 '15 08:03

My method uses Apple's notification system. I realized that even after logging out, notifications continue. I have plans to reverse-engineer this connection to Apple's push servers, although it won't be easy.

neuegram, Mar 13 '15 14:03

The most lightweight way to do this is probably to retry logging in if you get a 400 error when performing any of the bot methods. I think I'll make a decorator for all the bot methods that does that.

@neuegram is there code available somewhere with your approach?

agermanidis, Mar 13 '15 17:03
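The retry-on-400 decorator described in the comment above could look like the following. This is an added example, not SnapchatBot's code: `HTTPStatusError`, `FakeBot`, `relogin_on_400` and the token strings are hypothetical, and the constructed `FakeBot` models a server that keeps only one live session per account. It caps the number of re-logins so that two clients sharing an account cannot log each other out in an endless loop.

```python
import functools


class HTTPStatusError(Exception):
    """Constructed stand-in for an HTTP client error carrying a status code."""

    def __init__(self, status):
        super().__init__(f"HTTP {status}")
        self.status = status


def relogin_on_400(max_relogins=1):
    """Re-authenticate and retry when the server rejects the session with a 400."""
    def decorator(method):
        @functools.wraps(method)
        def wrapper(self, *args, **kwargs):
            relogins = 0
            while True:
                try:
                    return method(self, *args, **kwargs)
                except HTTPStatusError as err:
                    # Only a 400 is treated as "session replaced". The cap stops
                    # an endless login loop when re-login does not fix the error.
                    if err.status != 400 or relogins >= max_relogins:
                        raise
                    relogins += 1
                    self.login()
        return wrapper
    return decorator


class FakeBot:
    """Hypothetical client; `server_token` models the single live session."""

    def __init__(self):
        self.server_token = "tok-other-device"  # another login holds the session
        self.token = "tok-stale"
        self.logins = 0

    def login(self):
        self.logins += 1
        self.token = self.server_token = f"tok-{self.logins}"

    @relogin_on_400(max_relogins=1)
    def get_snaps(self):
        if self.token != self.server_token:
            raise HTTPStatusError(400)
        return ["snap-1", "snap-2"]
```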

I'm working on reversing it. It's a pain because iOS notifications won't route through a proxy specified in network settings and they use certificate pinning. This could work well for getting around future blocks on Snapchat's end.

neuegram, Mar 13 '15 17:03

@neuegram notifications don't necessarily continue after "logging out". If you're on an account on your phone and you close Snapchat and log into the account on your computer, you will continue receiving notifications because Snapchat isn't open and therefore (I think) it doesn't send any requests to the API, so the servers don't know you're actually still logged in. If you were to open the app again and refresh anything, you would be logged out after sending the request because the computer has a session open.

Rob--, Mar 13 '15 18:03

This is evidence that the background requests don't rely on auth_tokens, which could also serve as a vulnerability.

neuegram, Mar 13 '15 20:03