Software // Social
News
5/9/2014
03:06 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

5 Ways Snapchat Violated Your Privacy, Security

Snapchat settles FTC allegations that the company lied to consumers about the application's security and privacy. Here's what you should know.

Twitter Revamp: 10 Things To Know
Twitter Revamp: 10 Things To Know
(Click image for larger view and slideshow.)

If Snapchat's promise of self-destructing videos and images sounded too good to be true, that's because it was. The company agreed to settle charges with the Federal Trade Commission on Thursday following allegations that it made several misrepresentations to consumers about the app's security and privacy.

"If a company markets privacy and security as key selling points in pitching its services to consumers, it is critical that it keep those promises," said FTC chairwoman Edith Rameriz in a statement. "Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action."

Snapchat's central feature promised users that they could send images and videos that disappear forever after the sender-designated time period expired. According to the complaint, these claims were false. The complaint also alleged that the app tracked and transmitted some users' location information and collected data from their address books without their consent.

[Snapchat dives deeper into mobile messaging. Read Snapchat Debuts Mobile Messaging, Video Chat.]

Snapchat addressed its settlement with the FTC in a blog post, acknowledging its missteps. "While we were focused on building, some things didn't get the attention they could have," it said. "One of those was being more precise with how we communicated with the Snapchat community."

The FTC did not impose a monetary penalty, but the company will be subject to independent privacy monitoring for the next 20 years. If it violates the terms of the settlement, the company could face penalties of up to $16,000 per violation.

Here's a look at how Snapchat violated your privacy and security, according to the allegations, plus instructions for deleting your account.

1. Recipients may have saved your images
Despite the app's promises, your images did not necessarily disappear forever. According to the complaint, a number of developers built applications that users could download to save picture and video messages without your knowledge. Ten of these applications in the Google Play store alone have been downloaded as many as 1.7 million times.

Recipients of your Snapchat messages could also use their devices' screenshot capabilities to capture an image of a snap while it appeared on their screens, the FTC said. Snapchat claimed that if this happened, it would notify you immediately -- but that wasn't true. Any recipient with an Apple device with an operating system predating iOS 7 could save a screenshot without alerting you.

2. Recipients may have saved your videos
Until October 2013, recipients could connect their mobile devices to a computer and use file browsing tools to locate and save video files you sent them, the FTC said. This was possible because Snapchat stored video files in a location outside of the app's "sandbox," or the app's private storage area on the device, that other apps couldn't access.

3. Snapchat may have transmitted your location
While Snapchat's privacy policy says it does not ask for, track, or access any location-specific information from your device at any time, those claims are false, the FTC said. In fact, the company did transmit WiFi-based and cell-based location information from Android users' mobile devices to its analytics tracking service provider.

4. Snapchat may have collected contact information from your address book
Snapchat's privacy policy claimed that the app collected only your email, phone number, and Facebook ID to find friends for you to connect with. However, if you're an iOS user and entered your phone number to find friends, Snapchat collected the names and phone numbers of all the contacts in your mobile device address books without your notice or consent.

5. The "Find Friends" feature was not secure
Because Snapchat did not verify users' phone numbers during registration, some consumers complained that they sent images or videos to someone under the false impression that they were communicating with a friend. In reality, these messages were sent to strangers who had registered with phone numbers that did not belong to them.

This resulted in a security breach permitting attackers to compile a database of 4.6 million Snapchat usernames and phone numbers, which could lead to spam, phishing, and other unsolicited communications, the FTC said.

How to delete your Snapchat account
If you no longer use the service or wish to delete your account, you can do so in a few quick steps. Note that deleting the application from your device does not delete your account.

To delete your Snapchat account, visit snapchat.com/a/delete_account and enter in your username and password. It will ask you to enter in your account information again on the Delete Account screen. Then click the green button to confirm. This action cannot be undone.

Can the trendy tech strategy of DevOps really bring peace between developers and IT operations -- and deliver faster, more reliable app creation and delivery? Also in the DevOps Challenge issue of InformationWeek: Execs charting digital business strategies can't afford to take Internet connectivity for granted.

Kristin Burnham currently serves as InformationWeek.com's Senior Editor, covering social media, social business, IT leadership and IT careers. Prior to joining InformationWeek in July 2013, she served in a number of roles at CIO magazine and CIO.com, most recently as senior ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Ariella
50%
50%
Ariella,
User Rank: Ninja
5/13/2014 | 8:50:25 AM
Re: Not Me
@majenkins I didn't either. I also dissuade my kids from signing up for things like that because I don't trust them to be secure at all. 
majenkins
50%
50%
majenkins,
User Rank: Moderator
5/12/2014 | 9:36:05 AM
Re: 5 Ways The NSA Violated Your Privacy, Security
Unfortunately provable is the myth in situations like this.
majenkins
100%
0%
majenkins,
User Rank: Moderator
5/12/2014 | 9:34:21 AM
Re: There's always a way
Of course if they had been more open with the fact that there would always be a way then they would never have gotten off the ground. Imagine if their advertising had been truthful. "Send photos to people and we will try really hard to make sure the photos are deleted after a few minutes so maybe no one else will ever see them. There are ways for people to circumvent our deletion process but hey that's OK download the app and send your photos anyway."
majenkins
50%
50%
majenkins,
User Rank: Moderator
5/12/2014 | 9:30:14 AM
Not Me
Here's a look at how Snapchat violated your privacy and security . . . Not my security because I never signed up, why would I want to send a photo to someone that I didn't want anyone else to see, that is just plan dumb IMO, because you can never be sure. The standard has been, for anyone with knowledge of the Web, if you don't want the world to see it don't put it out there anywhere in any form.
Whoopty
100%
0%
Whoopty,
User Rank: Ninja
5/12/2014 | 5:52:06 AM
There's always a way
There was always going to be a way to do this, even if it was something retro like taking a picture of the phone screen. It's not too surprising that methods for preventing deletion appeared that were more sophisticated - though it's a shame the company behind Snapchat wasn't more open with this from the get go. 
danielcawrey
50%
50%
danielcawrey,
User Rank: Ninja
5/11/2014 | 1:03:59 PM
Re: 5 Ways The NSA Violated Your Privacy, Security
I don't know why, but when I first heard of Snapchat I was convinced they had a great privacy product. It goes to show that startups often promise but cannot deliver. It's surprising to me that the company did face a cash fine, but at least they will be under the eye of privacy monitors going forward. 

This just shows that unless it is somehow provable that privacy is really a myth. 
BillC431
100%
0%
BillC431,
User Rank: Apprentice
5/9/2014 | 3:29:47 PM
5 Ways The NSA Violated Your Privacy, Security
Snapchat gets punished....
Social is a Business Imperative
Social is a Business Imperative
The use of social media for a host of business purposes is rising. Indeed, social is quickly moving from cutting edge to business basic. Organizations that have so far ignored social - either because they thought it was a passing fad or just didnít have the resources to properly evaluate potential use cases and products - must start giving it serious consideration.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.