Snapchat deceived customers, U.S. federal watchdog says
'Some things didn't get the attention they should have' during app's development, Snapchat admits
Snapchat has agreed to settle with the U.S. Federal Trade Commission over charges that it deceived customers about the disappearing nature of messages sent through its service and that it collected users' contacts without telling them or asking permission.
- Snapchat hack shows vulnerable side of smartphone apps
- Snapchat plans more secure app following hack
Snapchat is a popular mobile messaging app that lets people send photos, videos and messages that disappear in a few seconds. But the FTC said Snapchat misled users about its data collection methods and failed to tell users that others could save their messages without their knowledge.
As part of the settlement, Snapchat must implement a privacy program that will be monitored by an outside privacy expert for the next 20 years. The arrangement is similar to privacy settlements that Google, Facebook and Myspace have agreed to in recent years.Snapchat agreed to settle without admitting or denying any wrongdoing and the company said it has addressed many of the issues the FTC raised.
Storing information
Although Snapchat said its app notified users when a recipient takes a screenshot of a "snap" they've sent, the FTC said recipients with an Apple device that runs an operating system that predates iOS 7 could evade the app's screenshot detection. Apple's iOS7 launched last summer.
Even before today's consent decree was announced, we had resolved most of those concerns over the past year by improving the wording of our privacy policy, app description, and in-app just-in-time notifications.- Snapchat company blog
In addition, the FTC said Snapchat's app stored video snaps that were not encrypted on the recipient's device. The videos remained accessible to the recipient, the agency said. A user could access a video message, even after it supposedly disappeared, if the user simply connected the phone to a computer and accessed the video in the device's file directory.
The FTC complaint also alleges that Snapchat failed to secure its "find friends" feature. A security breach in January allowed hackers to collect the usernames and phone numbers of some 4.6 million Snapchat users.
The breach occurred after security experts warned the company at least twice about a vulnerability in its system. Snapchat later issued an update to its app that fixed the issue and allowed users to opt out of the "find friends" feature.
Snapchat's Android app also transmitted users' location information, the FTC said, even though the company told users it didn't collect such information.
Communication breakdown
The settlement doesn't have a financial component, but if Snapchat is found to violate the agreement, the company could end up paying a civil penalty of up to $16,000 for each violation. The Los Angeles startup reportedly turned down a $3 billion buyout offer from Facebook last fall.
In a blog post Thursday, Snapchat said that when its app was being created, "some things didn't get the attention they could have."
"One of those was being more precise with how we communicated with the Snapchat community," the company said in the post.
Snapchat, however, said it has since fixed the problems.
"Even before today's consent decree was announced, we had resolved most of those concerns over the past year by improving the wording of our privacy policy, app description, and in-app just-in-time notifications," the company said. "And we continue to invest heavily in security and countermeasures to prevent abuse."
The settlement will be formally approved in 30 days once a public comment period ends.