FTC Sanctions Snapchat for Falsely Claiming That Photos Would Disappear
Alleged App Failings
The Snapchat app allows users to send photos and videos that would, Snapchat touted in its promotions, “disappear forever” after expiration of a time period chosen by the sender. However, the FTC alleged that, in fact, there were several “simple ways” in which the “snaps” would not “disappear” at all. For example, the FTC noted that widely-available third-party apps would enable users to view and save snaps indefinitely. And the app stored video snaps unencrypted in a place readily accessible on a user's device from a connected computer terminal. Indeed, the FTC said that the “disappear” functionality depended upon use of the app itself, and a third-party viewing and saving apps circumvented that feature.
The FTC also cited other ways in which the app did not live up to the claims made by Snapchat. For example, although Snapchat claimed that the sender would be notified if the recipient took a screenshot of a snap, recipients using certain older versions of iOS could easily avoid this detection, and no notice would be sent.
As is the FTC's standard practice, the proposed consent decree will require Snapchat to cease its misrepresentations. Going forward, the company also has agreed to put in place a comprehensive privacy program subject to independent monitoring for 20 years—a period of time longer than text messaging has been available. The program must address privacy risks related to the development and management of new and existing products and services for consumers, and protect the privacy and confidentiality of information collected or accessed through Snapchat.
So what does this mean? First, the case highlights how important it is for app developers to review the accuracy of their marketing representations, with particular attention to how the app will function on both the iOS and Android platforms, and on different versions of those platforms.
Second, the case serves as a reminder that app developers should not write apps that routinely collect users' contact information or geolocation without providing notice to the users and an opportunity for them to consent or block collection of that information. Here, the FTC was able to identify an alleged misrepresentation, thus enabling it to proceed on a “deceptive” trade practice theory.
Third, the FTC takes mobile app security seriously. In this case, the app was written in such a way as to allow individuals to create Snapchat accounts with phone numbers belonging to other persons. As a result, users sent snaps to total strangers, thinking they were being sent to their friends. This flaw existed from October 2011 to December 2012 before being corrected.