accounts getting locked due to 3rd party usage. #72

Open
Snowlav opened this issue Jan 4, 2015 · 3 comments

Comments

@Snowlav

Snowlav commented Jan 4, 2015

Hey everyone,

Strangely enough, I still face this issue, even with the new endpoints, headers and parameters.
Anyone here that can shed some light on why and how Snapchat detects this?
How to prevent it?

I figured a temporary fix would be to save the auth token and keep logging in with that, because it seems to happen after like X amount of times that you log in using 3rd party code.

@liamjack

liamjack commented Jan 4, 2015

Well, now we know it's not with the headers, then all you have to do is look at what the real application does and what our current "third party apps" don't do. The actual application sends off a device token for Google messaging every now and then, but most importantly it sends off statistics to Snapchat; maybe they are basing themselves off the fact that our third party apps don't communicate as much as the real application. I will get round to documenting the statistics data. What new endpoints are you using?

@Snowlav
Author

Snowlav commented Jan 4, 2015

Thanks for your comment!
The new endpoints I'm using are:
/loq/login
/bq/friend

@liamjack

liamjack commented Jan 4, 2015

OK, try sending a request just after login to /ph/device with a random device_token (here's an example one: APA91bGtT3_CXpBk_q3qBGt8hutXkgQmA1S7RMtNpXz9pBU4Sjl4koU6p5B_caUmuA-7-L5YGfzFoAZfiPKlI_9eNm2gq9wstmw7kF99wlw4PKhEmreaOaCQZlXBmjaZmnATb0-QzJ42HfrB90mspi3ZmiQTHtOCwQ)

Taking a look at the internal analytics system (sc-analytics.appspot.com/post_events => same IP as the normal endpoint server), here is what is posted off:

{"batch_id":"3f5e253d-5267-4d70-ba6b-43d4da8cc407Snapchat811BetaNexus4Android17gzip1420154607671","common_params":{"city":"Unimplemented","country":"Unimplemented","friend_count":71,"latlon":"Unimplemented","region":"Unimplemented","sc_user_agent":"Snapchat/8.1.1 Beta (Nexus 4; Android 17; gzip)","session_id":"00000000-0000-0000-0000-000000000000","user_id":"29JsoXPp26RFx/5yS4ddcoZr/cK3Miyy94MMvilIX7M\u003d\n"},"events":[{"event_name":"APP_OPEN","event_params":{"intent_action":"null","open_state":"NORMAL"},"event_timestamp":1420154607663}]}

No apparent authentication token linking directly to the Snapchat account, so maybe they look for network activity patterns, for example whenever you open the application the same endpoints are called in a specific order:

  1. feelinsonice-hrd.appspot.com/loq/login
  2. sc-analytics.appspot.com/post_events
  3. feelinsonice-hrd.appspot.com/loq/all_updates
  4. feelinsonice-hrd.appspot.com/bq/story_thumbnail (Multiple calls fetching all new story thumbnails)
  5. feelinsonice-hrd.appspot.com/ph/device
  6. feelinsonice-hrd.appspot.com/shared/description (Multiple calls fetching all shared story descriptions)
  7. feelinsonice-hrd.appspot.com/bq/story_blob (Multiple calls fetching all story media)
  8. feelinsonice-hrd.appspot.com/loq/conversations

Or, if not, maybe because of the amount of logins the "third party application" does compared to the actual application. Snapchat on a phone has to log in once, then the auth_token is valid until logged out or until a login occurs elsewhere, so logins don't happen often.
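
Seen from the service side, the two hypotheses in the comment above (a login that is not followed by the usual companion requests, and unusually frequent logins) can be expressed as a request-log heuristic. This is an added example, not code from this thread or from Snapchat; the thresholds, the merged per-account log format and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Companion calls the comment above lists for the official client after /loq/login.
EXPECTED_AFTER_LOGIN = {"/post_events", "/loq/all_updates", "/ph/device", "/loq/conversations"}
MAX_LOGINS_PER_DAY = 3   # assumed threshold, not a known production value
FOLLOW_UP_WINDOW = 60    # assumed: seconds after login in which companions should arrive

def score_accounts(events):
    """events: iterable of (epoch_seconds, account, path), assumed already merged
    across API and analytics hosts. Returns {account: [reasons]} for flagged accounts."""
    by_account = defaultdict(list)
    for ts, account, path in sorted(events):
        by_account[account].append((ts, path))
    findings = {}
    for account, reqs in by_account.items():
        reasons = []
        logins = [ts for ts, path in reqs if path == "/loq/login"]
        # Heuristic 1: too many full logins in any 24-hour window
        # (an official client reuses its auth_token instead of logging in again).
        for i, start in enumerate(logins):
            in_window = [t for t in logins[i:] if t - start < 86400]
            if len(in_window) > MAX_LOGINS_PER_DAY:
                reasons.append(f"{len(in_window)} logins within 24h")
                break
        # Heuristic 2: a login with no analytics/device/update calls shortly after it.
        for login_ts in logins:
            seen = {p for ts, p in reqs if login_ts < ts <= login_ts + FOLLOW_UP_WINDOW}
            missing = EXPECTED_AFTER_LOGIN - seen
            if missing:
                reasons.append("login without " + ", ".join(sorted(missing)))
                break
        if reasons:
            findings[account] = reasons
    return findings

# Constructed sample log: "alice" behaves like the official client, "bot" does not.
SAMPLE = [
    (1000, "alice", "/loq/login"), (1001, "alice", "/post_events"),
    (1002, "alice", "/loq/all_updates"), (1005, "alice", "/ph/device"),
    (1008, "alice", "/loq/conversations"),
]
for t in (2000, 5600, 9200, 12800):
    SAMPLE += [(t, "bot", "/loq/login"), (t + 1, "bot", "/bq/friend")]

if __name__ == "__main__":
    for account, reasons in score_accounts(SAMPLE).items():
        print(account, reasons)
```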
