US regulators on Thursday announced a deal with Snapchat to settle a charge that the Internet firm misled users into believing images sent over the popular phone application disappeared permanently.
Terms of the proposed settlement include Snapchat ramping up privacy and security at its popular self-destructing messaging service and having an independent monitor track its efforts for the next 20 years.
The Southern California-based service has gained notoriety for the app that lets people send smartphone photos or video snippets timed to self-destruct 10 seconds or less after being opened.
Snapchat rocketed to popularity after the initial app was released in September of 2011. Its growth initially sparked fears that, in a world of selfies, it would provide a false sense of security for teenagers thinking of sexting risque photos.
The US Federal Trade Commission said it had launched an investigation into whether Snapchat was not up front about how much data it collected from users, how well it protected them, and whether disappearing messages could be copied or resurrected.
"If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises," FTC Chairwoman Edith Ramirez said in a release.
'Snaps' that linger
An FTC complaint charged that Snapchat misled users on a number of fronts, including how "ephemeral" smartphone pictures or video snippets referred to as "snaps" actually are.
Snapchat boasted of letting people send images that "disappear forever" seconds after being viewed by recipients, neglecting to inform users that there are ways people can save pictures indefinitely, according to the FTC.
People who get snaps can use third-party applications to save images; grab screen-shots, or even just take another picture using a camera.
Concerns expressed by regulators included the extent to which snaps could actually be erased after viewing; how well Snapchat lets senders know when messages intended for destruction were saved, and how open it is about information it collects from users.
Hackers grab data
The FTC complaint contended that Snapchat gathered contact information from address books of people accessing the service form iPhones, iPads, or iPods without telling them.
Regulators blamed Snapchat's failure to effectively secure a Find Friends feature for allowing hackers to breach its database and steal user names and phone numbers of about 4.6 million users.
No fines were announced, but Snapchat could be hit with financial penalties if it doesn't stick with the conditions it agreed to in the settlement, according to the FTC.
Snapchat said in an online statement that it entered into the consent decree to address FTC concerns but had pre-preemptively resolved most of the concerns raised by regulators.
"While we were focused on building, some things didn't get the attention they could have," Snapchat said.
"One of those was being more precise with how we communicated with the Snapchat community."
Snapchat said it continues to invest heavily in security and measures to prevent abuse of its service.
The settlement needs the approval of the full commission to become final.