Snapchat warns users against third-party apps after image leak

Snapchat says it does plan to release a public API, but until then is warning users against third-party Snapchat apps.

Snapchat has warned its users to steer clear of third-party apps following last week's leak of thousands of videos and images of its users thought to have come from one of them.

As Snapchat users' photos and videos spilled onto the web last week and Snapchat denied its servers had been hacked, attention quickly turned to the ephemeral messaging app's application protocol interface (API), which third-party developers can use hook into Snapchat service to build additional services around its platform.

As it turned out, site called seems to have been the source of some of the leak. The developer, whose identity still isn't known, in a Facebook update and over the weekend confirmed it was the source after its servers were hacked -- but said only 500 MB was stolen .

In any case, Snapchat was off the hook and in a blogpost yesterday addressing the issue, the start-up warned users about the "unfortunate threats these third-party applications can pose to our community."

"Unfortunately, these applications often ask for Snapchat login credentials and use them to send or receive snaps and access account information," it said.

"When you give your login credentials to a third-party application, you're allowing a developer, and possibly a criminal, to access your account information and send information on your behalf."

While some companies like Twitter and Facebook make their APIs available for other developers, as one developer told The Verge this week, Snapchat does not. The company says in its terms that developers can't use it without its prior written consent. The advantage of providing a public API would be that third-party apps have their own authentication token, which Snapchat could revoke if they do something wrong.

In Snapchat's case though, the fact that it doesn't have a public API hasn't stopped dozens of developers reverse engineering the Snapchat protocol to create their own apps.

That could all change soon with Snapchat suggesting in the blog that it will soon provide a public API. The catch? It will only do it its own good time.

"It takes time and a lot of resources to build an open and trustworthy third-party application ecosystem," the company said. "That's why we haven't provided a public API to developers and why we prohibit access to the private API we use to provide our service. Don't get us wrong - we're excited by the interest in developing for the Snapchat platform - but we're going to take our time to get it right. Until then, that means any application that isn't ours but claims to offer Snapchat services violates our Terms of Use and can't be trusted."

It also means that for now the only option it has available to prevent potentially harmful third party apps is by attempting to stamp out all Snapchat-based apps from Google Play and the Apple's App Store.

"We'll continue to do our part by improving Snapchat’s security and calling on Apple and Google to take down third-party applications that access our API," Snapchat said.

That strategy might work in Apple's and Google's walled-gardens, but it still doesn't stop users from installing those apps from the web.