I have a question and would really appreciate it if someone shortly provides me with some guidance. I wanted to add end-to-end encryption to SnapChat app. Is it doable using XPOSED framework to add encryption (per user)?
PS. Currently SnapChat uses encryption but it is not end-to-end per each user.
I am looking froward to hearing from you. Regards
H.
I am in no way a security expert but I have some experience with Xposed.
While it wouldnt be a full end-to-end encryption in the sense that only ip/tcp headers are visible, since i assume you require some sort of intermediate server to deal with mobile device connectivity, in this case Snapchat servers, It would be possible to make it so that the text and images would be ciphered and accessible just by the both ends (perhaps considering something like otr, which is used by xmpp apps like xabber and whatsapp -> libraries for java)
You could intercept the methods that 1) send a text or image and 2) receive them. In 1) replace the text with a ciphered version, or if an image, send a ciphered image that still behaves as an image as well (tricky if there is compression) or even cancel the method call and do a send text call instead! On 2) Anytime the application receives a text, check if it is ciphered and replace the text in the view, same applies to images, replace them by the unciphered version.
You can possibly start with a bruteforce approach just to corroborate the idea, by doing it on per text/image view in your android application. You can use this project as an example, it captures text and images in many common instant messaging apps already.
If you run into performance issues (which might not happen at all with the previous approach) and need to identify which methods to intercept in Snapchat there are many static analysis tools built on top of apktool (can check this repo for awesome android tools).
Good luck! Make it opensource and link it here ppplllss! :P
