The newest innovation in the field of social networking is the Snapchat App. It is essentially a photo messaging app; but what sets it apart is that it allows the sender to set a time limit for how long the recipient would be able to view the snapshot sent by them, after which the photo is automatically deleted from the recipient’s phone as well as from the Snapchat servers.
Recently, Snapchat posted a message on their blog page warning users of third party apps and making clear Snapchat’s position with respect to such apps. This warning was given following the incident a few days back when thousands of Snapchat photos were leaked online as a result of a third party app being compromised. In a pained attempt at humour, the leak was nicknamed ‘the Snappening’ after the nickname ‘the Fappening’ given to the icloud leak of celebrity photos. Snapchat made it clear through their blog post that they do not support third party apps and have warned users to be careful while using such apps or not use them at all.
A ‘Third party app’ was defined by Snapchat as an app which is neither owned not developed by Snapchat but simply interacts with the Snapchat API. These apps often require the login details of the Snapchat users and once these details are acquired, they can be misused in a number of ways by the developer of that app including but not limited to leaking photos and selling users’ personal information.
One way to curb misuse of the Snapchat API by third party apps would be to establish a public Snapchat API. But Snapchat made it clear that though they will contemplate this idea and the trusted eco system it could create, they also said in their blog that as of now they do not have the time or resources required for it.
Snapchat’s terms of service state in unequivocal terms that accessing Snapchat API through a third party app is against its terms of service. To minimize such interference from third party apps, Snapchat has asked its users to report apps which appear to be using the Snapchat API. It has also been working with Google and Apple to remove all such apps from their respective app stores. Snapchat certainly seems to be making efforts to ensure that its users are not taken advantage of by third party apps on its API, but are these steps enough?
Many security experts believe that Snapchat only relies on its terms of service and the legal ramifications a third party app would face on illegally accessing the Snapchat API to deter such malpractices. Rather, Snapchat should be focussing on building a more secure API which would simply make it impossible for third party apps to access its API. Snapchat may have shifted the blame of the leak this time around, but it cannot wash its hands off the issue entirely. Such leaks must be stopped and the only way is to build a more secure API system.