How Snapchat got an “F” for privacy

Chris du Toit
Jan 6, 2017

For a company whose entire business model and brand is predicated on privacy, it’s shocking to see on how many levels Snapchat failed.

Millions of users the world over have sent ‘snaps’ (those disappearing photos or videos) under the incorrect impression that they would be gone forever once the timer ran out. A number of flaws (since addressed) exposed these video and photo messages, allowing them to be posted widely over the internet or persisted locally on the receiver’s computer.

Apps have their own private storage area, their own “sandbox” if you will: an area that is private to the app and that other apps cannot access. Up until October 2013, when the recipient of a video snap received a video, the Snapchat app actually stored this video outside of the sandbox. Because the video was stored outside of this private area, the receiver could simply hook up their phone to a computer and use simple file browsing tools to locate the video, retrieve it and save it elsewhere.

This was a simple design flaw. Even if the location of the video was a result of the organization of the file system and how the operating system behaved, a simple encryption algorithm would have fixed this.

Worse than this design flaw, Snapchat had been notified of this flaw as early as December 2012 but they did not resolve the issue until October 2013 when they began encrypting the files.

This wasn’t the only design shortcoming. Snapchat provided an API which allowed third-party developers to utilize Snapchat services without using the client. Believe it or not, the functionality to delete a photo after the timed expiry was actually a function of the Snapchat client application, not the back-end service. This meant that a developer could simply use the API to retrieve and download the photo.

In or around June 2012 a security researcher notified Snapchat of the ease with which developers could create apps bypassing Snapchat’s “Deleting message” system. In the spring of 2013 apps started showing up in the app store allowing users to save and view these photo and video messages indefinitely. It is estimated that on Google Play alone, ten of these applications have been downloaded as many as 1.7 million times!
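The design point above, as an added example that is not Snapchat's code: a toy back end that enforces "view once, then gone" itself instead of relying on the client to delete. The `SnapStore` class, its method names and the sample bytes are hypothetical and constructed for illustration.

```python
import secrets
import time


class SnapStore:
    """Toy back end that owns deletion; the client is never trusted to do it."""

    def __init__(self, clock=time.monotonic):
        self._snaps = {}      # snap_id -> (recipient, media, expires_at)
        self._clock = clock   # injectable so the expiry path can be exercised

    def send(self, recipient, media, ttl_seconds):
        snap_id = secrets.token_urlsafe(16)
        self._snaps[snap_id] = (recipient, media, self._clock() + ttl_seconds)
        return snap_id

    def fetch(self, snap_id, requester):
        """Return the media at most once, only to the recipient, only before expiry."""
        entry = self._snaps.get(snap_id)
        if entry is None:
            return None
        recipient, media, expires_at = entry
        if requester != recipient:
            return None                   # wrong account: reveal nothing
        del self._snaps[snap_id]          # purge server-side before answering
        if self._clock() >= expires_at:
            return None                   # expired unopened: already purged
        return media


def demo():
    """Constructed scenario: stranger, first view, repeat view, late view."""
    now = [0.0]
    store = SnapStore(clock=lambda: now[0])
    first_id = store.send("bob", b"constructed-image-bytes", ttl_seconds=10)
    stranger = store.fetch(first_id, "eve")
    first = store.fetch(first_id, "bob")
    second = store.fetch(first_id, "bob")
    late_id = store.send("bob", b"constructed-image-bytes", ttl_seconds=10)
    now[0] = 11.0
    late = store.fetch(late_id, "bob")
    return stranger, first, second, late
```

This bounds what the API will hand out, whichever client is asking; it does not stop a client from keeping the bytes it was given on that one permitted fetch.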

Furthermore, Snapchat had claimed that if a recipient took a screenshot of an image, the sender would be notified. This was not true. In a widely publicized method, users on iOS (prior to version 7) needed only to double-press the device’s home button in rapid succession to evade the detection mechanism and take a screenshot of the snap.

The list of consumer privacy transgressions continues

In October 2012 Snapchat integrated an analytics tracking service in the Android version of their application. Although Snapchat expressly stated that it “did not ask for, track, or access any location specific information”, it in fact did. From October 2012 to February 2013, the Android version of the application transmitted Wi-Fi and cell-based location information from the user’s mobile device.

Snapchat decides to collect your contact information

Prior to September 2012 Snapchat introduced a “Find your Friends” feature which ostensibly only required you to enter your phone number, with that number being the only information Snapchat collected to find your friends. However, when using this feature, Snapchat, without informing the user, also collected the names and phone numbers of all the contacts in the user’s mobile contact list!

Spoofing: a further breach of privacy

Users thought they were sending snaps to friends when, unbeknownst to them, they were being sent to strangers.

Initially, Snapchat failed to perform simple phone number verification. This allowed an individual to create an account using a phone number that belonged to another consumer. This caused users to send snaps, often of a personal nature, to users under the belief they were communicating with a known friend when in fact they were being sent to a complete stranger or to an unintended recipient.
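The missing check described above, as an added example that is not Snapchat's code: a phone number is bound to an account only after the account proves control of it with a one-time code. The `PhoneVerifier` class, its method names, the TTL and the attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300        # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 5      # guesses allowed before the challenge is burned (assumed)


class PhoneVerifier:
    """Binds a phone number to an account only after a one-time code is confirmed."""

    def __init__(self, clock=time.monotonic):
        self._pending = {}    # (account, phone) -> [salt, digest, expires_at, tries]
        self._verified = {}   # phone -> account that proved control of it
        self._clock = clock

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def start(self, account, phone):
        """Create a challenge; the code goes out by SMS, never back to the API caller."""
        code = f"{secrets.randbelow(10**6):06d}"
        salt = secrets.token_bytes(16)
        self._pending[(account, phone)] = [salt, self._digest(salt, code),
                                           self._clock() + CODE_TTL, 0]
        return code

    def confirm(self, account, phone, code):
        entry = self._pending.get((account, phone))
        if entry is None:
            return False
        salt, digest, expires_at, tries = entry
        if self._clock() >= expires_at or tries >= MAX_ATTEMPTS:
            del self._pending[(account, phone)]   # expired or guessed too often
            return False
        entry[3] += 1
        if not hmac.compare_digest(digest, self._digest(salt, code)):
            return False
        del self._pending[(account, phone)]
        self._verified[phone] = account           # bind only after proof of control
        return True

    def owner_of(self, phone):
        """Friend lookup resolves a number only to a verified account."""
        return self._verified.get(phone)
```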

Privacy by design

Privacy by Design is an engineering principle that takes privacy into account through the entire design and build process. It is built on seven core foundational principles:

  1. Proactive not reactive; Preventative not remedial
  2. Privacy as the default setting
  3. Privacy embedded into design
  4. Full functionality — positive-sum, not zero-sum
  5. End-to-end security — full lifecycle protection
  6. Visibility and transparency — keep it open
  7. Respect for user privacy — keep it user-centric

When one views these alleged privacy breaches by Snapchat against these core design principles, it is clear that Privacy by Design was not part of the Snapchat engineering culture.

Where are we now?

All of these alleged Snapchat violations occurred in the 2011–2013 timeframe. Security researchers will have to determine whether new vulnerabilities exist. Note that we reference these violations as alleged due to a settlement Snapchat reached with the FTC. The settlement specifically includes this language: “This agreement is for settlement purposes only and does not constitute an admission by [Snapchat] that the law has been violated…”

Consumers should always remain wary about whether companies are safeguarding their data. And while there have been many publicized cases of data breach, Snapchat’s is particularly egregious as the entire business is premised on privacy.

Article at: http://dutoit.io/a-lesson-in-how-snapchat-failed-to-take-consumer-privacy-seriously/

Chris du Toit

CMO, Entrepreneur, Lawyer, Blogger. Yeah, I have varied interests indeed! My corner of the web is at http://dutoit.io