TIME technology

Snapchat Settles With FTC Over False Marketing, Lax Security

The popular photo-sharing app will be subject to new privacy requirements for the next 20 years after the Federal Trade Commission took issue with its claims that photos and videos sent through the app would quickly disappear forever

Snapchat is getting a slap on the wrist from the Federal Trade Commission for allegedly deceptive marketing and a security breach earlier this year that compromised the data of 4.6 million of its users. The startup, which in the past has said that the photo messages people send on its service “disappear forever,” agreed to settle with the FTC over allegations that its app didn’t perform as advertised.

According to the FTC complaint, videos sent through Snapchat were easily accessible by the recipient by plugging a phone into a computer, even though such videos are supposed to disappear in seconds. The complaint also alleges that some iPhone users could take a screenshot of a photo they had received without alerting the sender that the screencap was taken. Snapchat also tracked geolocation information of Android users, a violation of its own privacy policy, according to the complaint.

More serious was the way Snapchat handled users’ phone numbers. According to the FTC, Snapchat accessed the names and phone numbers of its users’ friends without telling them on Apple devices until iOS 6 was introduced. Security lapses in Snapchat’s “Find Friends” feature led to people inadvertently sending snaps to strangers using numbers that didn’t belong to them. “Find Friends” security flaws also allowed attackers to compile a database of 4.6 million users’ names and phone numbers and post it online in January.

Snapchat, which has not formally admitted any wrongdoing, will be subject to a number of privacy requirements over the next 20 years. The company will have to be more transparent in explaining to users how their messages can be accessed, and it must launch a wide-ranging privacy program to ensure users’ data is protected. Snapchat will be subject to privacy reviews every two years to assess its compliance with the FTC’s rules. Violation of the agreement could result in fines of up to $16,000 per transgression.

In a blog post, Snapchat said that most of the issues the FTC has brought to light have already been addressed. “While we were focused on building, some things didn’t get the attention they could have,” the company wrote. “One of those was being more precise with how we communicated with the Snapchat community. Even before today’s consent decree was announced, we had resolved most of those concerns over the past year by improving the wording of our privacy policy, app description, and in-app just-in-time notifications.”

Today, Snapchat’s privacy policy is pretty clear about just how “ephemeral” the service is: “There may be ways to access messages while still in temporary storage on recipients’ devices or, forensically, even after they are deleted. You should not use Snapchat to send messages if you want to be certain that the recipient cannot keep a copy.”

Getting dinged by the FTC has become something of a rite of passage for social startups. Twitter and Facebook are currently serving similar 20-year sentences under the government agency’s watchful eye.

Tap to read full story

Your browser is out of date. Please update your browser at http://update.microsoft.com


Dear TIME Reader,

As a regular visitor to TIME.com, we are sure you enjoy all the great journalism created by our editors and reporters. Great journalism has great value, and it costs money to make it. One of the main ways we cover our costs is through advertising.

The use of software that blocks ads limits our ability to provide you with the journalism you enjoy. Consider turning your Ad Blocker off so that we can continue to provide the world class journalism you have become accustomed to.

The TIME Team