Snapchat has warned its users to steer clear of third-party apps following last week's leak of thousands of videos and images of its users thought to have come from one of them.
As Snapchat users' photos and videos spilled onto the web last week and Snapchat denied its servers had been hacked, attention quickly turned to the ephemeral messaging app's application protocol interface (API), which third-party developers can use hook into Snapchat service to build additional services around its platform.
As it turned out, site called Snapsaved.com seems to have been the source of some of the leak. The developer, whose identity still isn't known, in a Facebook update and over the weekend confirmed it was the source after its servers were hacked -- but said.
In any case, Snapchat was off the hook and in a blogpost yesterday addressing the issue, the start-up warned users about the "unfortunate threats these third-party applications can pose to our community."
"Unfortunately, these applications often ask for Snapchat login credentials and use them to send or receive snaps and access account information," it said.
"When you give your login credentials to a third-party application, you're allowing a developer, and possibly a criminal, to access your account information and send information on your behalf."
While some companies like Twitter and Facebook make their APIs available for other developers, as one developer told The Verge this week, Snapchat does not. The company says in its terms that developers can't use it without its prior written consent. The advantage of providing a public API would be that third-party apps have their own authentication token, which Snapchat could revoke if they do something wrong.
In Snapchat's case though, the fact that it doesn't have a public API hasn't stopped dozens of developers reverse engineering the Snapchat protocol to create their own apps.
That could all change soon with Snapchat suggesting in the blog that it will soon provide a public API. The catch? It will only do it its own good time.
It also means that for now the only option it has available to prevent potentially harmful third party apps is by attempting to stamp out all Snapchat-based apps from Google Play and the Apple's App Store.
"We'll continue to do our part by improving Snapchat’s security and calling on Apple and Google to take down third-party applications that access our API," Snapchat said.
That strategy might work in Apple's and Google's walled-gardens, but it still doesn't stop users from installing those apps from the web.