False advertising complaints can sometimes sound like nitpicking, with the government zeroing in on some offhand comment in a commercial. But the Federal Trade Commission's detailed charges against Snapchat, announced on Thursday, May 8, are devastating because they go to the heart of everything that Snapchat has positioned itself as. (You really should read the full settlement before you use Snapchat again.)
The FTC established that, unlike the wacky "we'll let people pop up your screen without permission" program Snapchat unveiled last week, Snapchat's disappearing texts and images don't actually go away if the recipient doesn't want them to. Snapchat claimed, "We'll let you know if [the recipient] takes a snapshot." The FTC says, "Not so much, no."
Snapchat's privacy policy said, "We do not ask for, track, or access any location-specific information from your device at any time while you are using the Snapchat application." The FTC: "Snapchat did not disclose that it would, in fact, access location information, and continued to represent that Snapchat did 'not ask for, track, or access any location specific information.' Contrary to the representation in Snapchat's privacy policy, from October 2012 to February 2013, the Snapchat application on Android transmitted Wi-Fi-based and cell-based location information from users' mobile devices to its analytics tracking service provider."
Then there's Snapchat's Find Friends feature. "When the user chooses to Find Friends, Snapchat collects not only the phone number a user enters, but also, without informing the user, the names and phone numbers of all the contacts in the user's mobile device address book." Oops!
That last one was corrected by Snapchat in September 2012, but the FTC stresses that it was hardly because Snapchat saw the error of its ways. "Snapchat did not provide notice of, or receive user consent for, this collection until September 2012, at which time the iOS operating system was updated to provide a notification when an application accessed the user's address book." In other words, Snapchat made the fix only because the OS was about to expose what it was doing.
The FTC also detailed a lack of Snapchat effort to verify phone numbers, which had serious consequences. "From September 2011 to December 2012, Snapchat failed to verify that the phone number that an iOS user entered into the application did, in fact, belong to the mobile device being used by that individual. Due to this failure, an individual could create an account using a phone number that belonged to another consumer, enabling the individual to send and receive snaps associated with another consumer's phone number. Numerous consumers complained to Snapchat that individuals had created Snapchat accounts with phone numbers belonging to other consumers, leading to the misuse and unintentional disclosure of consumers' personal information. For example, consumers complained that they had sent snaps to accounts under the belief that they were communicating with a friend, when in fact they were not, resulting in the unintentional disclosure of photos containing personal information. In addition, consumers complained that accounts associated with their phone numbers had been used to send inappropriate or offensive snaps."