FTC Calls Out Snapchat for Weak Security and Misleading Practices

Source: http://www.flickr.com/photos/andrewbender713/

Source: http://www.flickr.com/photos/andrewbender713/

Remember that embarrassing snap you sent to all of your Snapchat friends last weekend knowing it couldn’t come back to shame you? What about the time you put in your phone number so Snapchat could help you find people you know? Or how about the time your privacy was secure because that was the Snapchat promise? According to the Federal Trade Commission, all that reality of Snapchat was not always the case.

Most users of Snapchat should know by now that other users can take a screenshot on their phone in order to store a snap they receive. But Snapchat had a system to alert users if this occurred. So, everything was okay, right? Not according to the FTC — and that was only a small part of what was wrong. The complaint against Snapchat claims that users were misled about how snaps, their privacy, and their data was handled, if not simply left uninformed about what Snapchat was doing with information.

In terms of pictures, one of the problems was that from October 2012 to October 2013 the Frequently Asked Questions section of Snapchat’s website claimed “snaps disappear after the timer runs out” and there is thus no way to view them after that point. This was notably untrue, as have been numerous methods to save snaps, either by capturing them or accessing them through other applications, and even the screenshot notifications can be worked around. It was also possible to view and save video snaps because they were stored outside of the app’s storage space and weren’t encrypted. These problems made up Count 1 and Count 2 in the case against Snapchat, but the FTC ended with six counts against the tech company.

The FTC further claimed that Snapchat had been getting hold of more information than it told users it would. For one, Snapchat had been collecting the contents of users’ mobile address books while only making it seem like users only needed to enter their own phone number to find their friends. This was the case up until September 2012, when iOS began notifying users if apps accessed the address book.

From June 2011 to February 2013, Snapchat also claimed that, “We do not ask for, track, or access any location specific information from your device at any time while you are using the Snapchat application.” However, the FTC noted that the company had collected Wi-Fi and network-based location information and supplied it to its analytics tracking service provider.

On top of it all, the promised sense of security proved to be a little less secure. Between June 2011 and the present, Snapchat claimed to take “reasonable measures” to protect user information, though the specific language in the privacy policy changed multiple times. According to the FTC, Snapchat did not take very good measures to secure the platform, as it was possible for some time for users to make accounts using false phone numbers, and such a practice was employed by hackers to gather 4.6 million users names and phone numbers.

Though Snapchat isn’t particularly in trouble yet, as it can correct these problems before it faces penalties, it may be hurt by a damage to the trust of users. In its blog, Snaptchat said that, “Even before today’s consent decree was announced, we had resolved most of those concerns over the past year by improving the wording of our privacy policy, app description, and in-app just-in-time notifications. And we continue to invest heavily in security and countermeasures to prevent abuse.” Future breaches of trust can be expected to be significantly reduced as a result of this FTC action, and other companies acting similarly may hold back, knowing that they could be next under scrutiny.

More From Wall St. Cheat Sheet: