Snapchat, the messaging service promising disappearing messages, has settled a complaint with the FTC. The complaint involved several inconsistencies the FCC said were occurring within Snapchat’s service, running the gamut from the message service itself to the nature of information gathering Snapchat said it wasn’t doing. The settlement closes a chapter in the Snapchat saga, but opens up a can of worms.
The crux of the complaint centerred around those “snaps” Snapchat said would delete forever from their server — which they do. The problem is, third-party apps often save the snaps, which the FTC counters doesn’t exactly lend itself to Snapchat being “secure”. Even worse, the FTC says Snapchat continued to tout their service as secure, even after being notified of this workaround by a security researcher. The claim also alleged the following:
- That Snapchat stored video snaps unencrypted on the recipient’s device in a location outside the app’s “sandbox,” meaning that the videos remained accessible to recipients who simply connected their device to a computer and accessed the video messages through the device’s file directory.
- That Snapchat deceptively told its users that the sender would be notified if a recipient took a screenshot of a snap. In fact, any recipient with an Apple device that has an operating system pre-dating iOS 7 can use a simple method to evade the app’s screenshot detection, and the app will not notify the sender.
Snapchat’s service also allowed people to communicate with random strangers who they believed were friends. The FTC found that because Snapchat failed to verify numbers on startup, people would send messages to people they didn’t know, believing it was a friend when it was just someone who registered a random number. Their failure to secure the data also resulted in that massive breach that made headlines some time ago. They'll also be subject to independent security oversight for the next 20 years.