Apps

Snapchat may be planning a mobile payment service

News

FTC claims T-Mobile charged customers millions for bogus SMS subscription fees [Updated]

Apps

These are the best private photo sharing apps for iPhone

Apps

Snapchat takes a slingshot at Facebook with shareable social stories

Apps

Facebook's Snapchat competitor 'Slingshot' might launch as early as this month

Apps

New and updated apps: Snapchat, DuoLingo, Watch ABC and more!

Apps

Best prom apps for iPhone: OpenTable, ASOS, ProFlowers, and more!

Apps

Snapchat updated with text chat and video calling

News

Apple sends out refund instructions for unauthorized in-app purchases

Links

Did the FTC unfairly target Apple and let Google get away in-app free?

Editorial

DOJ vs. FTC: Apple knows when to hold 'em, when to fold 'em

News

FTC ropes Apple for at least another $32 million in in-app purchase repayments

Apps

How to change your Snapchat user name and delete your account

Apps

Snapchat security breach reportedly leaks 4.6 million user details online

Apps

Snapchat API and exploits published by hacker group, could allow users' names and phone numbers to be connected

Apps

Snapchat 6.1 update brings smart filters, fancy text, and a front-facing flash

Apps

Clipchat for iPhone review: A Snapchat clone with a much better interface

Apps

Facebook Poke vs. Snapchat: What's the best sexting app for iPhone?

Instagram, Snapchat, and the difference between $1 billion Facebook bucks vs simply being cloned

News

FTC may sue Google over antitrust violations stemming from FRAND patent abuse

< >

Snapchat settles with the FTC over privacy concerns, will be monitored for 20 years

Snapchat

Snapchat has agreed to settle with the FTC over claims that the company deceived consumers over the data it collected and also the security measures taken to prevent unauthorized disclosure. Snapchat's failure to secure its Find Friends feature resulted in a breach that allowed hackers to steal 4.6 million usernames and phone numbers.

In addition, the claims state that Snapchat misrepresented its data collection practices, that they deceptively told their users that the sender would be notified if a recipient took a screenshot of a snap, and that Snapchat stored video snaps unencrypted on the recipient's device.

"If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises," said FTC Chairwoman Edith Ramirez. "Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action."

Under the terms of the settlement, Snapchat "will be prohibited from misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users' information." They will also be required to invoke a privacy program that will be monitored for the next 20 years.

Source: FTC

Press Release

Snapchat Settles FTC Charges That Promises of Disappearing Messages Were False

Snapchat Also Transmitted Users' Location and Collected Their Address Books Without Notice Or Consent

Snapchat, the developer of a popular mobile messaging app, has agreed to settle Federal Trade Commission charges that it deceived consumers with promises about the disappearing nature of messages sent through the service. The FTC case also alleged that the company deceived consumers over the amount of personal data it collected and the security measures taken to protect that data from misuse and unauthorized disclosure. In fact, the case alleges, Snapchat's failure to secure its Find Friends feature resulted in a security breach that enabled attackers to compile a database of 4.6 million Snapchat usernames and phone numbers.

According to the FTC's complaint, Snapchat made multiple misrepresentations to consumers about its product that stood in stark contrast to how the app actually worked.

"If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises," said FTC Chairwoman Edith Ramirez. "Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action."

Touting the "ephemeral" nature of "snaps," the term used to describe photo and video messages sent via the app, Snapchat marketed the app's central feature as the user's ability to send snaps that would "disappear forever" after the sender-designated time period expired. Despite Snapchat's claims, the complaint describes several simple ways that recipients could save snaps indefinitely.

Consumers can, for example, use third-party apps to log into the Snapchat service, according to the complaint. Because the service's deletion feature only functions in the official Snapchat app, recipients can use these widely available third-party apps to view and save snaps indefinitely. Indeed, such third-party apps have been downloaded millions of times. Despite a security researcher warning the company about this possibility, the complaint alleges, Snapchat continued to misrepresent that the sender controls how long a recipient can view a snap.

In addition, the complaint alleges:

  • That Snapchat stored video snaps unencrypted on the recipient's device in a location outside the app's "sandbox," meaning that the videos remained accessible to recipients who simply connected their device to a computer and accessed the video messages through the device's file directory.
  • That Snapchat deceptively told its users that the sender would be notified if a recipient took a screenshot of a snap. In fact, any recipient with an Apple device that has an operating system pre-dating iOS 7 can use a simple method to evade the app's screenshot detection, and the app will not notify the sender.
  • That the company misrepresented its data collection practices. Snapchat transmitted geolocation information from users of its Android app, despite saying in its privacy policy that it did not track or access such information.

The complaint also alleges that Snapchat collected iOS users' contacts information from their address books without notice or consent. During registration, the app prompted users to, "Enter your mobile number to find your friends on Snapchat!" Snapchat's privacy policy claimed that the app only collected the user's email, phone number, and Facebook ID for the purpose of finding friends. Despite these representations, when iOS users entered their phone number to find friends, Snapchat also collected the names and phone numbers of all the contacts in their mobile device address books. Snapchat continued to collect this information without notifying or obtaining users' consent until Apple modified its operating system to provide such notice with the introduction of iOS 6.

Finally, the FTC alleges that despite the company's claims about taking reasonable security steps, Snapchat failed to secure its "Find Friends" feature.

For example, the complaint alleges that numerous consumers complained that they had sent snaps to someone under the false impression that they were communicating with a friend. In fact, because Snapchat failed to verify users' phone numbers during registration, these consumers were actually sending their personal snaps to complete strangers who had registered with phone numbers that did not belong to them.

Moreover as noted above, the complaint alleges that Snapchat's failure to secure its Find Friends feature resulted in a security breach permitting attackers to compile a database of 4.6 million Snapchat usernames and phone numbers. According to the FTC, the exposure of this information could lead to costly spam, phishing, and other unsolicited communications.

The settlement with Snapchat is part of the FTC's ongoing effort to ensure that companies market their apps truthfully and keep their privacy promises to consumers. Under the terms of its settlement with the FTC, Snapchat will be prohibited from misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users' information. In addition, the company will be required to implement a comprehensive privacy program that will be monitored by an independent privacy professional for the next 20 years.

This case is part of a multi-national enforcement sweep on mobile app privacy by members of the Global Privacy Enforcement Network, a cross-border coalition of privacy enforcement authorities. The case is also coordinated with the Asia Pacific Privacy Priorities forum's Privacy Awareness Week.

The Commission vote to accept the consent order for public comment was 5-0.

5
loading...
15
loading...
41
loading...
0
loading...

← Previously

Best Mother's Day apps for iPhone and iPad: ProFlowers, Ink Cards, Pinterest, and more!

Next up →

How to disable cellular data on your iPhone or iPad

Reader comments

Snapchat settles with the FTC over privacy concerns, will be monitored for 20 years

4 Comments
Sort by Rating

self destruction feature is one of the best feature in Snapchat. thats why im using this messenger. im big fan of snapchat. visit this fantastic sites for new messenger. Recently i published awesome post on LIBON messenger for PC. follow this site www.appsandgamesforpc.com

So how about the FTC sue the NSA and let us monitor them for 20 years?

Edit: Snapchat should have used the NSA as their defense on the grounds of having to save the information for them anyways.

This is small potatoes. Why doesn't the FTC go after the NSA? They are the ones who have everyone's personal data!

Sent from the iMore App