Sanchez said via email that he didn't report the issue to Snapchat before disclosing it publicly because he feels the company has a poor attitude toward security researchers based on how it handled previous vulnerabilities reported to it. In December a security research outfit called Gibson Security published an exploit that allowed attackers to match phone numbers to Snapchat accounts after claiming that the company didn't fix the underlying vulnerability for four months.
According to Sanchez, the problem disclosed by him still hadn't been fixed Saturday, but two accounts and a VPN IP address that he used for testing had been banned. Instead of banning the accounts of a researcher who has no interest in attacking real users and doesn't even use the service, the company should work on improving the security of their application, Sanchez said.
The researcher believes preventing this issue would require an easy fix on the server side. He doesn't know why the OS crashes on iPhones, but he suspects that it has something to do with the Push Notification system that iOS devices use to receive notifications from third-party applications. The research into that aspect continues, he said.