Snapchat Lied about privacy, saved your selfie images and videos on their server



Snapchat has agreed to settle with the Federal Trade Commission (FTC) deception charges leveled against itself without admitting or denying any wrongdoing, says an official statement released on Thursday.

As part of the settlement, the company is required to implement a privacy program monitored by an outside privacy expert for the next 20 years.

This settlement is similar to arrangements endorsed by Google, Facebook, and Myspace.

FTC had complained against Snapchat for ‘making multiple misrepresentations to consumers about its product that stood in stark contrast to how the app actually worked.


Other charges slapped against Snapchat included:

  • It stored video snaps unencrypted on the recipient’s device in a location outside the apps’ ‘sandbox’
  • Misrepresentation of data collection practices
  • Collection of iOS users’ contacts information from their address books without their consent: The apps, during registration, prompted the users to enter their mobile number to find their friends on Snapchat. It informed the users that the apps will collect their email, phone numbers, and Facebook ID. However, it also collected the names and phone numbers of all the contacts in their mobile device’s address book without the users’ permission.
  • Failure to secure its ‘Find Friends’ feature that resulted in a security breach that allowed the attackers to collect usernames and phone numbers of 4.6 million Snapchat users. The apps was updated later and provided the users with an option to opt out of the Find Friends feature.

Snapchat is a widely used messaging apps, which promises privacy and security, because the messages exchanged through its servers do not stay there forever but disappear after the recipient has viewed the message.

However, FTC claimed that messages did not disappear; conversations, images and videos could be easily saved by third party applications and that the application’s premises were misleading.

FTC recorded several cases of misrepresentations from the messaging company. Recipients could easily access the videos once they connected their mobile device to a computer and navigated the file directory of the device. As well, FTC found a false claim about the user receiving a notification whenever the recipient tries to take a screenshot of the video or the message. A recipient using Apple device with an operating system prior to iOS 7 can escape the screenshot detection.

Additionally, the Snapchat’s Android application transmitted geolocation information of its users, observed the FTC.

Edith Ramirez, FTC Chairwoman, said,

“If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises”

She added further,

“Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”

The Snapchat settlement is part of the FTC’s ongoing effort to ensure privacy promises maintained truthfully by the application manufacturers.

Although, the settlement does not have any financial component to it, but any further violation is punishable by a civil penalty of up to USD 16,000 each.

The FTC plans to publish a description of the consent agreement package soon, which will be available for public comments till 9 June, 2014.

Snapchat, on its blog on Thursday, said

“This morning we entered into a consent decree with the FTC that addresses concerns raised by the commission. We continue to invest heavily in security and countermeasures to prevent abuse,” the blog post read.

They also said their main focus was to develop ‘a unique, fast way to communicate with photos’ and in doing so,

“some things didn’t get the attention they could have. One of those was being more precise with how we communicated with the Snapchat community.”

However, the company blog reiterated,

“We are devoted to promoting user privacy and giving Snapchatters control over how and with whom they communicate. That’s something we’ve always taken seriously, and always will.”

Snapchat is a Los Angeles-based company, run by Evan Spiegel and Bobby Murphy, two former Stanford alumni.

Released in 2011, the service quickly gained a following and now claims to transmit 700 million messages every day.

But is privacy and security in an online environment a plausible desire?

Security researchers firmly believe that anything sent over the Internet stands chance of interception and that anything posted on the Internet remains forever.

“The Internet is forever, and people don’t realize that. You think you can delete a tweet or a Facebook post, but it doesn’t go away. Most people don’t know how hard it is to make a message disappear,” told Nico Sell, a security expert and one of the founders of rival mobile message app Wickr, to The New York Times.