Many people use Facebook Stories thinking all their shared media will get deleted after 24 hours. However, it is not so difficult to save images and videos from your friends' stories so that you can still see on your phone, or save them forever.
Big disclaimer: this article is not written to let you steal Facebook Stories from your friends and putting their privacy in danger. Its objective is to show how these trending social mechanics are not totally secure and you should not feel safe behind the '24-hour-after deletion' barrier of your shares, as anyone with a bit of technical skills with Android may break it. Therefore, i claim no responsibility for any harm made on and by your phone while abusing the informations there exposed for inappropriate or illegal purpose.
Little disclaimer: this procedure has been studied on an Android version of the Facebook app and requires root access. Other versions of the app for different OS may work similarly.
The simplest method to save a Facebook Story is to take a screenshot of your phone. However, this action has two immediate inconveniences:
The Facebook app might have, and it probably does, a system that can detect if you're taking a screenshot or not.
It is not possible to save videos this way.
There's another pretty simple method to recover media files saved on your phone by the app, that serve as cache for further views of the same media. First, let’s explain what caching is.
Caching consists of saving data that has been recently used and may be often used suddenly. For example, the first time you visualize a Stories' video the app downloads it, but then you might want to rewatch it and downloading it again is inefficient. The app, thus, saves the video in its cache folder and loads the video directly from your phone, without using internet connection to redownload it from FB servers. Photos and any other media are treated analogously.
Even if media saved for caching are somehow encrypted and hidden, it's possible to get the original file and it's not as difficult as it seems.
Step 1: Locate Facebook's cache folder
This is the easiest part of the procedure and the most 'straightforward' as every normal installation of the app places its cache data under 'data/data/com.facebook.katana/cache/'. Note that, for very good reasons, this path is inaccessible from other apps and you can only access it by rooting your device.
Step 2: Recovering cached media
As you can see yourself, the cache doesn't only contain Stories but also all the videos and images the app downloaded while you were scrolling your wall. You'll have to 'dig' a bit to find the media you're interested in, so here's a tip to restrict possibilities.
Optional, but RECOMMENDED: an easy way to narrow down the data you're interested in is to delete ONLY the 'cache' folder located in 'com.facebook.katana' and the 'ExoPlayerCacheDir' located in 'com.facebook.katana/files'. This will remove all cached media. Then, open the facebook app and visualize only the media you want to save, trying not to open any other photo/video/story. Doing so the app will cache those media and the files you'll have to search on to find them will be much less.
Now create an auxiliary folder in your home (not in your root). We shall it 'Test', but the name doesn't make any difference, the most important thing is that it's not located in your root as most built-in android apps to see media can't access that part of your disk.
Images: There should be a folder named 'cache/image/v2.ols100.1' or something similar, containing many subfolders numbers-only named and with a lot of '.CNT' files into them. Copy 'vs.ols100.1' into the 'Test' folder you created before.
Videos: Look for the folder 'files/ExoPlayerCacheDir/videocache'. There should be some .exo files, if your app cached the video-Stories you visualized correctly. Copy that in the 'Test' folder you created before.
Step 3: Converting and visualizing the media you recovered
Those files seem incomprehensible and can't be opened directly, but it’s simply a matter of renaming these files to the right format.
Images: Navigate in the subfolder, and for every .CNT file repeat those steps:
Rename the extension to .jpg
If your file manager shows preview, check if it's the photo you're looking for. Otherwise, Open the file with any photo views (even Android's default gallery should make the trick).
If that's not the Story you're looking for, proceed to the next .CNT file and if there are not, go back and proceed to the next subfolder.
Once you've found the photo you used to search, you can just save it as any normal JPG image and view it everytime you want, forever.
Videos: Saving videos is, in a sense, easier than searching for photos as each video is saved separately from each other in its original format. Unfortunately, that format is what creates the main issue in opening those files. The app saves videos cache in the .EXO file format. This is a format that has been developed by Google specifically for Android and its specific are, as far as i know, not public.
It is not possible to convert them to a more friendly video format but it is still possible to open the files directly using a media player that supports EXO videos. I found that in Android 4.2 the default video viewer is unable to read those files but VLC for Android does. What you need is to download any app that supports this format (I used VLC) and open all files into this directory until you find the video you're looking for and save it anywhere you want on your phone, forever.
Now, the photos you shared and you thought were not available anymore after 24 hours, don't seem to be so 'lost' anymore. But let me clarify, again, what's the objective of this article by answering some questions that can immediately come up in mind after reading it.
Is this a bug on the FB app or anything else caused by negligence?
NO. Unfortunately, if you can see something on your screen this has to be physically present on your memory, even for a fraction of a second, for your device to be able to show it to you. There isn't a simple way to not do that, and caching is the best thing to do for network-expensive applications like Facebook.
Does this mean that Facebook Stories and other similar social networks are unsafe and we shouldn't use them anymore?
The answer is Hell, NO. Panic is the last thing to do, and as i said this is how these things work, there's no technical alternative to this.
The point is that if you are unsure about sharing a photo or a video, do not do that. Those media will always be downloadable and there's not an easy way to avoid this risk. We should start thinking more on what we conceded instead of complaining about privacy violations, when we are the first ones renouncing/risking our privacy.
- Facebook for Android Artifacts - a forensic analysis of the Facebook app