Posted in: Android, iOS, Mobile software

Snapchat settles with FTC after a privacy violation smackdown

Ephemeral messaging is huge right now with Snapchat leading the charge. Except “ephemeral” messages are more permanent than the name might suggest – charges were filed with the FTC against the photo messenger about this and a couple of other issues.

“If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises,” said FTC Chairwoman Edith Ramirez. “Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”

A weakness in Snapchat’s system exposed personal info for 4.6 million of its users earlier this year and the developer’s attempt at fixing it didn’t go very well.

FTC found more problems. Users can log in with third-party apps and such apps can easily save received messages. The commission found that “such third-party apps have been downloaded millions of times.”

It gets worse still, you don’t even need a third-party app. Snapchat stores photos and videos in its “sandbox” where other apps can’t touch it, but they are not encrypted so if you connect your phone to a PC, you can easily download them. The screenshot detection feature could also be easily circumvented on iOS prior to version 7.

Worst of all is that Snapchat itself misrepresented its commitment to privacy and its Android app regularly transmitted geolocation info, while the iOS app collected info from users’ phonebooks without their consent, all while claiming the opposite in the app’s privacy policy.

Additionally, the FTC alleges that Snapchat failed to verify that users were who they claim to be (easier to fake after the 4.6 million user data leak) and people can send and receive snaps to and from people claiming to be their friends, while actually communicating with malicious attackers and spammers.

Finally, here’s the settlement that Snapchat and the FTC entered – “Snapchat will be prohibited from misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users’ information. In addition, the company will be required to implement a comprehensive privacy program that will be monitored by an independent privacy professional for the next 20 years.”

You can read Snapchat’s blog post about the settlement and FTC’s press release.



Rules for posting