5 Ways Snapchat Violated Your Privacy, Security

Snapchat settles FTC allegations that the company lied to consumers about the application's security and privacy. Here's what you should know.

Kristin Burnham, Senior Editor, InformationWeek.com

May 9, 2014

4 Min Read

Twitter Revamp: 10 Things To Know

Twitter Revamp: 10 Things To Know


Twitter Revamp: 10 Things To Know (Click image for larger view and slideshow.)

If Snapchat's promise of self-destructing videos and images sounded too good to be true, that's because it was. The company agreed to settle charges with the Federal Trade Commission on Thursday following allegations that it made several misrepresentations to consumers about the app's security and privacy.

"If a company markets privacy and security as key selling points in pitching its services to consumers, it is critical that it keep those promises," said FTC chairwoman Edith Rameriz in a statement. "Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action."

Snapchat's central feature promised users that they could send images and videos that disappear forever after the sender-designated time period expired. According to the complaint, these claims were false. The complaint also alleged that the app tracked and transmitted some users' location information and collected data from their address books without their consent.

[Snapchat dives deeper into mobile messaging. Read Snapchat Debuts Mobile Messaging, Video Chat.]

Snapchat addressed its settlement with the FTC in a blog post, acknowledging its missteps. "While we were focused on building, some things didn't get the attention they could have," it said. "One of those was being more precise with how we communicated with the Snapchat community."

The FTC did not impose a monetary penalty, but the company will be subject to independent privacy monitoring for the next 20 years. If it violates the terms of the settlement, the company could face penalties of up to $16,000 per violation.

Here's a look at how Snapchat violated your privacy and security, according to the allegations, plus instructions for deleting your account.

1. Recipients may have saved your images
Despite the app's promises, your images did not necessarily disappear forever. According to the complaint, a number of developers built applications that users could download to save picture and video messages without your knowledge. Ten of these applications in the Google Play store alone have been downloaded as many as 1.7 million times.

Recipients of your Snapchat messages could also use their devices' screenshot capabilities to capture an image of a snap while it appeared on their screens, the FTC said. Snapchat claimed that if this happened, it would notify you immediately -- but that wasn't true. Any recipient with an Apple device with an operating system predating iOS 7 could save a screenshot without alerting you.

2. Recipients may have saved your videos
Until October 2013, recipients could connect their mobile devices to a computer and use file browsing tools to locate and save video files you sent them, the FTC said. This was possible because Snapchat stored video files in a location outside of the app's "sandbox," or the app's private storage area on the device, that other apps couldn't access.

3. Snapchat may have transmitted your location
While Snapchat's privacy policy says it does not ask for, track, or access any location-specific information from your device at any time, those claims are false, the FTC said. In fact, the company did transmit WiFi-based and cell-based location information from Android users' mobile devices to its analytics tracking service provider.

4. Snapchat may have collected contact information from your address book
Snapchat's privacy policy claimed that the app collected only your email, phone number, and Facebook ID to find friends for you to connect with. However, if you're an iOS user and entered your phone number to find friends, Snapchat collected the names and phone numbers of all the contacts in your mobile device address books without your notice or consent.

5. The "Find Friends" feature was not secure
Because Snapchat did not verify users' phone numbers during registration, some consumers complained that they sent images or videos to someone under the false impression that they were communicating with a friend. In reality, these messages were sent to strangers who had registered with phone numbers that did not belong to them.

This resulted in a security breach permitting attackers to compile a database of 4.6 million Snapchat usernames and phone numbers, which could lead to spam, phishing, and other unsolicited communications, the FTC said.

How to delete your Snapchat account
If you no longer use the service or wish to delete your account, you can do so in a few quick steps. Note that deleting the application from your device does not delete your account.

snapchatFTC2.png

To delete your Snapchat account, visit snapchat.com/a/delete_account and enter in your username and password. It will ask you to enter in your account information again on the Delete Account screen. Then click the green button to confirm. This action cannot be undone.

Can the trendy tech strategy of DevOps really bring peace between developers and IT operations -- and deliver faster, more reliable app creation and delivery? Also in the DevOps Challenge issue of InformationWeek: Execs charting digital business strategies can't afford to take Internet connectivity for granted.

About the Author

Kristin Burnham

Senior Editor, InformationWeek.com

Kristin Burnham currently serves as InformationWeek.com's Senior Editor, covering social media, social business, IT leadership and IT careers. Prior to joining InformationWeek in July 2013, she served in a number of roles at CIO magazine and CIO.com, most recently as senior writer. Kristin's writing has earned an ASBPE Gold Award in 2010 for her Facebook coverage and a Min Editorial and Design Award in 2011 for "Single Online Article." She is a graduate of Syracuse University's S.I. Newhouse School of Public Communications.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights