Snapchat 'deceived users' about disappearing messages, will be monitored by gov't
Snapchat is a messaging application that allows users to share pictures, short videos, messages and video chats with a friend or group. These messages, called Snaps, can be viewed for up to 10 seconds before they disappear.
“In most cases, once the recipient has viewed a message, it is automatically deleted from Snapchat’s servers and cannot be retrieved,” the company writes about its product. The app says it will notify a user if their Snap has been screen-captured by the recipient. But a study carried out by a US firm last April said Snapchat was not in fact designed to erase the files.
The FTC filed a six-count complaint against the popular app, saying it wasn’t living up to its promises of privacy and security. The commission accused Snapchat of misrepresenting how the application actually works.
“Despite Snapchat’s claims, the complaint describes several simple ways that recipients could save snaps indefinitely,” the FTC said in a press release.
In a blog post, the FTC went into detail on how even those people who aren’t particularly tech-savvy could save Snaps. “When a recipient got a video message, Snapchat stored the file in a location outside of the app’s ‘sandbox,’ the private storage area on the device that other apps can’t access. Because the file was in an unrestricted place, the recipient could connect their device to a computer and use simple browsing tools to locate and save the video,” the blog post says. “That method was widely publicized as early as December 2012, but the FTC says Snapchat didn’t fix the flaw until almost a year later when it began encrypting video files sent through the app.”
The complaint also detailed how Snapchat deceived its users regarding the amount of personal data it collected and the security measures taken to protect that data. It accused Snapchat of “failure to secure its Find Friends feature resulted in a security breach that enabled attackers to compile a database of 4.6 million Snapchat usernames and phone numbers,” the statement said. RT previously reported on the greatest security fail in the mobile app’s history.
“If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises,” FTC Chairwoman Edith Ramirez said in the statement. “Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”
Snapchat settled with the FTC without admitting any wrongdoing. They will not pay a monetary penalty, but are now prohibited from “misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users' information," according to the settlement agreement. The company must create a comprehensive privacy program to address new and existing privacy risks and to protect the privacy and confidentiality of information Snapchat collects. The program will be monitored by an independent privacy professional for 20 years.
The company has acknowledged its shortcomings.
“When we started building Snapchat, we were focused on developing a unique, fast, and fun way to communicate with photos. We learned a lot during those early days. One of the ways we learned was by making mistakes, acknowledging them, and fixing them,” Snapchat wrote in a blog post. “While we were focused on building, some things didn’t get the attention they could have. One of those was being more precise with how we communicated with the Snapchat community.”
The app developers went on to note they had already worked to fix the issues even before the settlement.
Snapchat was founded in 2011 by Robert Murphy and Evan Spiegel as students at Stanford University. The app quickly gained popularity among teens eager to avoid their parents on traditional social media platforms like Facebook. The two founders reportedly declined a $3 billion offer from Facebook and a $4 billion offer from Google to acquire Snapchat.