Estimated read time: 3-4 minutes
This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.
SALT LAKE CITY — Snapchat’s popularity arose primarily because the app promised to secure the privacy of users — the photos taken and sent to friends promised to disappear after they were viewed.
A new investigation by the Federal Trade Commission reveals the app’s privacy settings mislead users, and after filing a complaint, the app has agreed on a settlement.
"If a company markets privacy and security as key selling points in pitching its services to consumers, it is critical that it keep those promises," said FTC chairwoman Edith Rameriz in a statement. "Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action."
The federal warnings are coming a year after a Utah company first warned the world about the hidden dangers in Snapchat.
Decipher Forensics in Orem said it's simple to change a file extension, and the pictures you thought Snapchat deleted are still available.
"We can just extract these (pictures) out, put them on a thumb drive and give them back to parents and law enforcement," said Richard Hickman, Decipher Forensics.
Despite the app claiming that photos were gone forever once they were viewed, support apps have been developed that that allowed users to save Snapchat photos without ever alerting the app itself. In the interface, if someone takes a screenshot of your photo, you are notified. With these external apps, a Snapchat user would have no idea their images are being stored. Videos could also be located and saved using certain techniques the creators of Snapchat did nothing to prevent.
Furthermore, location information was stored and used for data mining by Snapchat, despite the app claiming it did not save any geographic information.
"If you're going to be a big organization like that, you have to take the steps and precautions to put (security measures) in place," said Trent Leavitt, Decipher Forensics.
Snapchat never verified phone numbers and some users registered with numbers that were not their own. The “Find Friends” feature led Snapchat users to believe they were communicating with friends, when they were sending photo and video to unverified strangers.
“As a result of these failures, in December 2013, attackers were able to use multiple accounts to send millions of Find Friend requests using randomly generated phone numbers,” the FTC complaint said. “The attackers were able to compile a database of 4.6 million Snapchat usernames and the associated mobile phone numbers. The exposure of usernames and mobile phone numbers could lead to costly spam, phishing, and other unsolicited communications.”
The creators of the app responded by saying they are on the road to filling the holes and blocking the roads that have made the app’s integrity come into question.
“When we started building Snapchat, we were focused on developing a unique, fast and fun way to communicate with photos,” Snapchat said in a blog post. “We learned a lot during those early days. One of the ways we learned was by making mistakes, acknowledging them, and fixing them.”
Decipher Forensics is now testing the app to ensure security loopholes have been closed.
"We go in and forensically start looking for key words of the pictures we took," Leavitt said.
The tech said Snapchat has been true to its word and closed a number of loopholes. But they said other flaws still persist, and many are working on hacking further into the app.
"Someone will find a way to break it," Leavitt said.
Contributing: Andrew Adams
