5 Ways Snapchat Violated Your Privacy, Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Social
03:06 PM
Connect Directly

5 Ways Snapchat Violated Your Privacy, Security

Snapchat settles FTC allegations that the company lied to consumers about the application's security and privacy. Here's what you should know.

Twitter Revamp: 10 Things To Know
Twitter Revamp: 10 Things To Know
(Click image for larger view and slideshow.)

If Snapchat's promise of self-destructing videos and images sounded too good to be true, that's because it was. The company agreed to settle charges with the Federal Trade Commission on Thursday following allegations that it made several misrepresentations to consumers about the app's security and privacy.

"If a company markets privacy and security as key selling points in pitching its services to consumers, it is critical that it keep those promises," said FTC chairwoman Edith Rameriz in a statement. "Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action."

Snapchat's central feature promised users that they could send images and videos that disappear forever after the sender-designated time period expired. According to the complaint, these claims were false. The complaint also alleged that the app tracked and transmitted some users' location information and collected data from their address books without their consent.

[Snapchat dives deeper into mobile messaging. Read Snapchat Debuts Mobile Messaging, Video Chat.]

Snapchat addressed its settlement with the FTC in a blog post, acknowledging its missteps. "While we were focused on building, some things didn't get the attention they could have," it said. "One of those was being more precise with how we communicated with the Snapchat community."

The FTC did not impose a monetary penalty, but the company will be subject to independent privacy monitoring for the next 20 years. If it violates the terms of the settlement, the company could face penalties of up to $16,000 per violation.

Here's a look at how Snapchat violated your privacy and security, according to the allegations, plus instructions for deleting your account.

1. Recipients may have saved your images
Despite the app's promises, your images did not necessarily disappear forever. According to the complaint, a number of developers built applications that users could download to save picture and video messages without your knowledge. Ten of these applications in the Google Play store alone have been downloaded as many as 1.7 million times.

Recipients of your Snapchat messages could also use their devices' screenshot capabilities to capture an image of a snap while it appeared on their screens, the FTC said. Snapchat claimed that if this happened, it would notify you immediately -- but that wasn't true. Any recipient with an Apple device with an operating system predating iOS 7 could save a screenshot without alerting you.

2. Recipients may have saved your videos
Until October 2013, recipients could connect their mobile devices to a computer and use file browsing tools to locate and save video files you sent them, the FTC said. This was possible because Snapchat stored video files in a location outside of the app's "sandbox," or the app's private storage area on the device, that other apps couldn't access.

3. Snapchat may have transmitted your location
While Snapchat's privacy policy says it does not ask for, track, or access any location-specific information from your device at any time, those claims are false, the FTC said. In fact, the company did transmit WiFi-based and cell-based location information from Android users' mobile devices to its analytics tracking service provider.

4. Snapchat may have collected contact information from your address book
Snapchat's privacy policy claimed that the app collected only your email, phone number, and Facebook ID to find friends for you to connect with. However, if you're an iOS user and entered your phone number to find friends, Snapchat collected the names and phone numbers of all the contacts in your mobile device address books without your notice or consent.

5. The "Find Friends" feature was not secure
Because Snapchat did not verify users' phone numbers during registration, some consumers complained that they sent images or videos to someone under the false impression that they were communicating with a friend. In reality, these messages were sent to strangers who had registered with phone numbers that did not belong to them.

This resulted in a security breach permitting attackers to compile a database of 4.6 million Snapchat usernames and phone numbers, which could lead to spam, phishing, and other unsolicited communications, the FTC said.

How to delete your Snapchat account
If you no longer use the service or wish to delete your account, you can do so in a few quick steps. Note that deleting the application from your device does not delete your account.

To delete your Snapchat account, visit snapchat.com/a/delete_account and enter in your username and password. It will ask you to enter in your account information again on the Delete Account screen. Then click the green button to confirm. This action cannot be undone.

Can the trendy tech strategy of DevOps really bring peace between developers and IT operations -- and deliver faster, more reliable app creation and delivery? Also in the DevOps Challenge issue of InformationWeek: Execs charting digital business strategies can't afford to take Internet connectivity for granted.

Kristin Burnham currently serves as InformationWeek.com's Senior Editor, covering social media, social business, IT leadership and IT careers. Prior to joining InformationWeek in July 2013, she served in a number of roles at CIO magazine and CIO.com, most recently as senior ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
User Rank: Apprentice
5/9/2014 | 3:29:47 PM
5 Ways The NSA Violated Your Privacy, Security
Snapchat gets punished....
User Rank: Ninja
5/11/2014 | 1:03:59 PM
Re: 5 Ways The NSA Violated Your Privacy, Security
I don't know why, but when I first heard of Snapchat I was convinced they had a great privacy product. It goes to show that startups often promise but cannot deliver. It's surprising to me that the company did face a cash fine, but at least they will be under the eye of privacy monitors going forward. 

This just shows that unless it is somehow provable that privacy is really a myth. 
User Rank: Ninja
5/12/2014 | 5:52:06 AM
There's always a way
There was always going to be a way to do this, even if it was something retro like taking a picture of the phone screen. It's not too surprising that methods for preventing deletion appeared that were more sophisticated - though it's a shame the company behind Snapchat wasn't more open with this from the get go. 
User Rank: Ninja
5/12/2014 | 9:30:14 AM
Not Me
Here's a look at how Snapchat violated your privacy and security . . . Not my security because I never signed up, why would I want to send a photo to someone that I didn't want anyone else to see, that is just plan dumb IMO, because you can never be sure. The standard has been, for anyone with knowledge of the Web, if you don't want the world to see it don't put it out there anywhere in any form.
User Rank: Ninja
5/12/2014 | 9:34:21 AM
Re: There's always a way
Of course if they had been more open with the fact that there would always be a way then they would never have gotten off the ground. Imagine if their advertising had been truthful. "Send photos to people and we will try really hard to make sure the photos are deleted after a few minutes so maybe no one else will ever see them. There are ways for people to circumvent our deletion process but hey that's OK download the app and send your photos anyway."
User Rank: Ninja
5/12/2014 | 9:36:05 AM
Re: 5 Ways The NSA Violated Your Privacy, Security
Unfortunately provable is the myth in situations like this.
User Rank: Author
5/13/2014 | 8:50:25 AM
Re: Not Me
@majenkins I didn't either. I also dissuade my kids from signing up for things like that because I don't trust them to be secure at all. 
Why 2021 May Turn Out to be a Great Year for Tech Startups
John Edwards, Technology Journalist & Author,  2/24/2021
How GIS Data Can Help Fix Vaccine Distribution
Jessica Davis, Senior Editor, Enterprise Apps,  2/17/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll