5 Ways Snapchat Violated Your Privacy, Security - InformationWeek
Software // Social
03:06 PM
Connect Directly

5 Ways Snapchat Violated Your Privacy, Security

Snapchat settles FTC allegations that the company lied to consumers about the application's security and privacy. Here's what you should know.

Twitter Revamp: 10 Things To Know
Twitter Revamp: 10 Things To Know
(Click image for larger view and slideshow.)

If Snapchat's promise of self-destructing videos and images sounded too good to be true, that's because it was. The company agreed to settle charges with the Federal Trade Commission on Thursday following allegations that it made several misrepresentations to consumers about the app's security and privacy.

"If a company markets privacy and security as key selling points in pitching its services to consumers, it is critical that it keep those promises," said FTC chairwoman Edith Rameriz in a statement. "Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action."

Snapchat's central feature promised users that they could send images and videos that disappear forever after the sender-designated time period expired. According to the complaint, these claims were false. The complaint also alleged that the app tracked and transmitted some users' location information and collected data from their address books without their consent.

[Snapchat dives deeper into mobile messaging. Read Snapchat Debuts Mobile Messaging, Video Chat.]

Snapchat addressed its settlement with the FTC in a blog post, acknowledging its missteps. "While we were focused on building, some things didn't get the attention they could have," it said. "One of those was being more precise with how we communicated with the Snapchat community."

The FTC did not impose a monetary penalty, but the company will be subject to independent privacy monitoring for the next 20 years. If it violates the terms of the settlement, the company could face penalties of up to $16,000 per violation.

Here's a look at how Snapchat violated your privacy and security, according to the allegations, plus instructions for deleting your account.

1. Recipients may have saved your images
Despite the app's promises, your images did not necessarily disappear forever. According to the complaint, a number of developers built applications that users could download to save picture and video messages without your knowledge. Ten of these applications in the Google Play store alone have been downloaded as many as 1.7 million times.

Recipients of your Snapchat messages could also use their devices' screenshot capabilities to capture an image of a snap while it appeared on their screens, the FTC said. Snapchat claimed that if this happened, it would notify you immediately -- but that wasn't true. Any recipient with an Apple device with an operating system predating iOS 7 could save a screenshot without alerting you.

2. Recipients may have saved your videos
Until October 2013, recipients could connect their mobile devices to a computer and use file browsing tools to locate and save video files you sent them, the FTC said. This was possible because Snapchat stored video files in a location outside of the app's "sandbox," or the app's private storage area on the device, that other apps couldn't access.

3. Snapchat may have transmitted your location
While Snapchat's privacy policy says it does not ask for, track, or access any location-specific information from your device at any time, those claims are false, the FTC said. In fact, the company did transmit WiFi-based and cell-based location information from Android users' mobile devices to its analytics tracking service provider.

4. Snapchat may have collected contact information from your address book
Snapchat's privacy policy claimed that the app collected only your email, phone number, and Facebook ID to find friends for you to connect with. However, if you're an iOS user and entered your phone number to find friends, Snapchat collected the names and phone numbers of all the contacts in your mobile device address books without your notice or consent.

5. The "Find Friends" feature was not secure
Because Snapchat did not verify users' phone numbers during registration, some consumers complained that they sent images or videos to someone under the false impression that they were communicating with a friend. In reality, these messages were sent to strangers who had registered with phone numbers that did not belong to them.

This resulted in a security breach permitting attackers to compile a database of 4.6 million Snapchat usernames and phone numbers, which could lead to spam, phishing, and other unsolicited communications, the FTC said.

How to delete your Snapchat account
If you no longer use the service or wish to delete your account, you can do so in a few quick steps. Note that deleting the application from your device does not delete your account.

To delete your Snapchat account, visit snapchat.com/a/delete_account and enter in your username and password. It will ask you to enter in your account information again on the Delete Account screen. Then click the green button to confirm. This action cannot be undone.

Can the trendy tech strategy of DevOps really bring peace between developers and IT operations -- and deliver faster, more reliable app creation and delivery? Also in the DevOps Challenge issue of InformationWeek: Execs charting digital business strategies can't afford to take Internet connectivity for granted.

Kristin Burnham currently serves as InformationWeek.com's Senior Editor, covering social media, social business, IT leadership and IT careers. Prior to joining InformationWeek in July 2013, she served in a number of roles at CIO magazine and CIO.com, most recently as senior ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
5/13/2014 | 8:50:25 AM
Re: Not Me
@majenkins I didn't either. I also dissuade my kids from signing up for things like that because I don't trust them to be secure at all. 
User Rank: Ninja
5/12/2014 | 9:36:05 AM
Re: 5 Ways The NSA Violated Your Privacy, Security
Unfortunately provable is the myth in situations like this.
User Rank: Ninja
5/12/2014 | 9:34:21 AM
Re: There's always a way
Of course if they had been more open with the fact that there would always be a way then they would never have gotten off the ground. Imagine if their advertising had been truthful. "Send photos to people and we will try really hard to make sure the photos are deleted after a few minutes so maybe no one else will ever see them. There are ways for people to circumvent our deletion process but hey that's OK download the app and send your photos anyway."
User Rank: Ninja
5/12/2014 | 9:30:14 AM
Not Me
Here's a look at how Snapchat violated your privacy and security . . . Not my security because I never signed up, why would I want to send a photo to someone that I didn't want anyone else to see, that is just plan dumb IMO, because you can never be sure. The standard has been, for anyone with knowledge of the Web, if you don't want the world to see it don't put it out there anywhere in any form.
User Rank: Ninja
5/12/2014 | 5:52:06 AM
There's always a way
There was always going to be a way to do this, even if it was something retro like taking a picture of the phone screen. It's not too surprising that methods for preventing deletion appeared that were more sophisticated - though it's a shame the company behind Snapchat wasn't more open with this from the get go. 
User Rank: Ninja
5/11/2014 | 1:03:59 PM
Re: 5 Ways The NSA Violated Your Privacy, Security
I don't know why, but when I first heard of Snapchat I was convinced they had a great privacy product. It goes to show that startups often promise but cannot deliver. It's surprising to me that the company did face a cash fine, but at least they will be under the eye of privacy monitors going forward. 

This just shows that unless it is somehow provable that privacy is really a myth. 
User Rank: Apprentice
5/9/2014 | 3:29:47 PM
5 Ways The NSA Violated Your Privacy, Security
Snapchat gets punished....
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Success = Storage & Data Center Performance
Balancing legacy infrastructure with emerging technologies requires laying a solid foundation that delivers flexibility, scalability, and efficiency. Learn what the most pressing issues are, how to incorporate advances like software-defined storage, and strategies for streamlining the data center.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll