There is absolutely no cryptographic means of preventing a Snapchat user from saving a Snapchat image he/she receives. No matter what measures they put in place, they will all effectively be security by obscurity. If the image is in RAM long enough for a human to see it, then it can be copied elsewhere.

The fact that their current encryption procedure is half-assed is because they know it'll be security by obscurity no matter what they do, so why even waste time?. It doesn't make a real difference either way. They just want to prevent the absolute simplest attacks. They could have XOR'd all images with a 1-byte key and it would be equivalent, and still would suffice the business need.

Enlightens on then on how you would solve the issue. You have a program, and the program is storing data and the "attacker" (here really the user himself) wants to bypass the policies enforced by the application. The attacker has access to both the binary of the app and the data.

What would you encrypt the data with that the user himself cannot also access? Without a secure encryption hardware module, there's little you can do except add additional layers of obscurity.

You could encrypt all the data with a key derived off the user's password, and require the user to re-enter the key if the app stops. That too could be broken.

You could store the images in some odd obfuscated format that only the app can understand. That too could be broken after some time.

You could never store any images on disk at all and fetch them only when requested. Then you have the third-party services imitating the app.

I'm not sure as no system is 100% secure. It's only a matter of how high you want to set the bar, but this bar is very low imho.

Because DRM does not work.