Snapchat settles with FTC over charges of deceiving users
Snapchat has agreed to settle with the Federal Trade Commission over charges that it deceived customers about the disappearing nature of messages sent through its ephemeral messaging service, while also collecting users' contacts without telling them or asking permission.
The FTC said that Snapchat, which allows users to send messages that self-destruct moments after opening them, misled its users about the company's data collection methods and failed to tell them that others could save their messages without their knowledge.
"If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises," FTC Chairwoman Edith Ramirez said in a statement. "Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action."
Not admitting or denying any wrongdoing, Snapchat agreed to settle and said it has addressed many of the issues the FTC raised.
As part of the settlement, the company must implement a privacy program that will be monitored by an outside privacy expert for the next 20 years. This arrangement is similar to privacy settlements that Google, Facebook and Myspace have agreed to in recent years.
Although Snapchat said its app notified users when a recipient takes a screenshot of a "snap" they've sent, the FTC said recipients with an Apple device that runs an operating system that predates iOS 7 could evade the app's screenshot detection.
In addition, the FTC said Snapchat's app stored video snaps that were not encrypted on the recipient's device. The videos remained accessible to the recipient, the agency said. A user could access a video message, even after it supposedly disappeared, if the user simply connected the phone to a computer and accessed the video in the device's file directory.
The FTC complaint also alleges that Snapchat failed to secure its "find friends" feature. A security breach in January allowed hackers to collect the usernames and phone numbers of some 4.6 million Snapchat users.
The breach occurred after security experts warned the company at least twice about a vulnerability in its system. Snapchat later issued an update to its app that fixed the issue and allowed users to opt out of the "find friends" feature.Snapchat's Android app also transmitted users' location information, the FTC said, even though the company told users it didn't collect such information.
The settlement doesn't have a financial component, but if Snapchat is found to violate the agreement, the company could face a civil penalty of up to $16,000 for each violation.
In a blog post Thursday, Snapchat said that when its app was being created, "some things didn't get the attention they could have."
"One of those was being more precise with how we communicated with the Snapchat community," the company wrote.
Snapchat, however, said it has since fixed the problems.
"Even before today's consent decree was announced, we had resolved most of those concerns over the past year by improving the wording of our privacy policy, app description, and in-app just-in-time notifications," the company said. "And we continue to invest heavily in security and countermeasures to prevent abuse."
Since its founding in 2011, Snapchat has reportedly turned down a $3 billion takeover bid by Facebook.