Snapchat and the Federal Trade Commission have reached a settlement in charges lodged against the social networking site and its representation of user privacy.
The FTC case alleged that Snapchat deceived consumers about the amount of personal data it collected and the breadth of security practices in place to protect that data from unauthorized use or disclosure. The stinging allegations go even further in the realm of misrepresentation to charge Snapchat with representing its site's security in a manner that stood in stark contrast to how the app actually worked.
The case also alleged Snapchat failed to secure its Find Friends feature, which resulted in hackers exploiting a security weakness to compile a database of 4.6 million Snapchat usernames and phone numbers.
Beyond those two points, the FTC had a laundry list of complaints against Snapchat. They sum up like this:
- Snapchat claimed "snaps" were ephemeral and would be disappear forever after the sender's designated time period. According to the FTC, third party apps enabled made it quite easy to save snaps indefinitely.
- Snapchat stored video snaps unencrypted on the recipient’s device in a location outside the app's "sandbox," meaning that the videos remained accessible to recipients who simply connected their device to a computer and accessed the video messages through the device's file directory.
- Snapchat deceptively told its users that the sender would be notified if a recipient took a screenshot of a snap, however a recipient using an Apple device with an OS pre-dating iOS 7 could evade the app's screenshot detection, without the sender knowing.
FTC Chairwoman Edith Ramirez said in a statement:
If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises. Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.
Under the terms of the settlement with the FTC, Snapchat will be prohibited from misrepresenting how it maintains the privacy, security and confidentially of user information. In addition, the company will also be required to start a sweeping privacy program that will be independently monitored for the next 20 years. Any non-compliance with the agreement could result in stiff fines.
The FTC said the settlement is part of its ongoing effort to hold app makers to the privacy agreements they make with users.