A court settlement involving Snapchat has reinforced the notion that there is no real privacy on the Internet. The popular messaging app, which promised users photos and videos that disappear forever, was forced to settle with the Federal Trade Commission over allegations of misleading consumers and misusing customer data.
“If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises,” said FTC Chairwoman Edith Ramirez. “Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”
According to the FTC complaint, Snapchat’s claims about its service differed from how the app actually works. The photos and videos that were sent through the app, which are called “snaps,” were described by the service as “ephemeral,” in the sense that it would erase itself automatically and not end up in storage in a remote server. The FTC said this claim was inaccurate because when a photo lapses after a user-designated time period, there are simple ways to save a photo indefinitely.
“Consumers can, for example, use third-party apps to log into the Snapchat service … Because the service’s deletion feature only functions in the official Snapchat app, recipients can use these widely available third-party apps to view and save snaps indefinitely. Indeed, such third-party apps have been downloaded millions of times. Despite a security researcher warning the company about this possibility, the complaint alleges, Snapchat continued to misrepresent that the sender controls how long a recipient can view a snap,” the FTC said in a press release.
Aside from Snapchat’s inaccurate pitch, the service was also found to have stored video snaps outside of its “sandbox” (which made the files accessible to recipients longer than the sender intended) and made deceptive claims relating to its notification process when a recipient takes a screenshot, which can be easily circumvented in phones that pre-date iOS 7.
The service also raised a different set of privacy concerns. Its Android app was found to have transmitted the geolocation information users. In its privacy policy, the company said it did not access that kind of information. The complaint also accused Snapchat of accessing the address book of its iOS users to collecting contact information without consent.
In the consent order signed by both the FTC and Snapchat, the messaging app was directed to deliver on its initial promise to its customers.
“IT IS ORDERED that respondent and its officers, agents, representatives, and employees, directly or indirectly, shall not misrepresent in any manner, expressly or by implication, in or affecting commerce, the extent to which respondent or its products or services maintain and protect the privacy, security, or confidentiality of any covered information, including but not limited to: (1) the extent to which a message is deleted after being viewed by the recipient; (2) the extent to which respondent or its products or services are capable of detecting or notifying the sender when a recipient has captured a screenshot of, or otherwise saved, a message; (3) the categories of covered information collected; or (4) the steps taken to protect against misuse or unauthorized disclosure of covered information,” the agreement read.
We have reached out to Snapchat and we are still waiting for a response. However, the company has posted a blog post on its website to acknowledged its “mistakes.”
“While we were focused on building, some things didn’t get the attention they could have. One of those was being more precise with how we communicated with the Snapchat community. This morning we entered into a consent decree with the FTC that addresses concerns raised by the commission. Even before today’s consent decree was announced, we had resolved most of those concerns over the past year by improving the wording of our privacy policy, app description, and in-app just-in-time notifications. And we continue to invest heavily in security and countermeasures to prevent abuse,” the company said.
“We are devoted to promoting user privacy and giving Snapchatters control over how and with whom they communicate. That’s something we’ve always taken seriously, and always will.”
