As I reported nearly a year ago, Snapchat’s so-called disappearing messages don’t necessarily disappear. It has always been possible for people receiving a Snapchat message to capture the screen either directly from the device or by taking a picture of it with another device. There was also a report about a forensics firm that had successfully restored supposedly deleted Snapchat images from Android phones.
It turns out that the Federal Trade Commission was also looking at Snapchat and, earlier this year, filed acomplaint alleging that, despite claims that messages “disappear forever,” several methods exist “by which a recipient can use tools outside of the application to save both photo and video messages, allowing the recipient to access and view the photos or videos indefinitely.” The agency accused Snapchat of making “multiple misrepresentations to consumers about its product that stood in stark contrast to how the app actually worked.”
The agency also alleged:
- That Snapchat stored video snaps unencrypted on the recipient’s device in a location outside the app’s “sandbox,” meaning that the videos remained accessible to recipients who simply connected their device to a computer and accessed the video messages through the device’s file directory.
- That Snapchat deceptively told its users that the sender would be notified if a recipient took a screenshot of a snap. In fact, any recipient with an Apple device that has an operating system pre-dating iOS 7 can use a simple method to evade the app’s screenshot detection, and the app will not notify the sender.
Source: FTC press release
Snapchat now supports saving content
On May 1st, Snapchat blogged that there is now a mechanism to save snaps, “ When you leave the chat screen, messages viewed by both you and your friend will be cleared – but either of you can always tap or screenshot to save anything you’d like to keep (addresses, to-do lists, etc.)!” (emphasis added).
The FTC also claimed that Snapchat failed to secure its “Find Friends” feature. Snapchat allegedly failed to verify that the phone number users entered actually belonged to the person owned the device being used.
In a press conference, the FTC’s Assistant Director, Division of Privacy and Identity Protection, Christopher Olson said “if you make promises about privacy you must honor those promises.” He also said there were security flaws that Snapchat should have addressed to “prevent unauthorized user from accessing Snapchat user names and phone numbers.”
As part of the agreement, Snapchat will have to change its messaging to make it more clear that messages don’t necessarily disappear. “Under the terms of its settlement with the FTC, Snapchat will be prohibited from misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users’ information. In addition, the company will be required to implement a comprehensive privacy program that will be monitored by an independent privacy professional for the next 20 years,” according to the FTC.
Any violation of this order will subject the company to civil penalties in the future, Olson said.
In a blog post (reposted below), Snapchat admitted that “While we were focused on building, some things didn’t get the attention they could have.” The company said that it should have been “more precise with how we communicated with the Snapchat community.”
Olson said that Snapchat company made “unequivocal” claims about its privacy and that users likely relied on those claims which “we allege were misrepresentations.”
Snapchat’s blog post about “Our Agreement with the FTC”
“When we started building Snapchat, we were focused on developing a unique, fast, and fun way to communicate with photos. We learned a lot during those early days. One of the ways we learned was by making mistakes, acknowledging them, and fixing them.
We are devoted to promoting user privacy and giving Snapchatters control over how and with whom they communicate. That’s something we’ve always taken seriously, and always will.”
(Source: Snapchat blog)