The recent furore around SnapChat and its supposed policy violations has once again thrust the issue of mobile data privacy and security into the spotlight.
The Federal Trade Commission (FTC) recently levelled a long list of charges against the popular photo and video sharing app. The list included accusations that videos sent through Snapchat were easily accessible by plugging a phone into a computer, that users could preserve images by taking screenshots, that the app tracked the geo-location of Android users, and that numerous security flaws allowed attackers to easy access usernames and phone numbers.
All of these accusations directly contradict the alleged features that have made SnapChat so popular; the app has grown its user-base on the understanding that sent media was a) private and b) would be deleted within a few seconds of being viewed.
SnapChat may be forgiven for initially underestimating how popular the app would become, and although the FTC’s judgement means SnapChat now faces twenty years of scrutiny, it is at least commendable that the company has addressed the concerns head-on.
Perhaps more importantly than the individual case of SnapChat, the revelations have raised wider concerns about which other mobile apps might be in breach of their purported terms and conditions.
Creating apps is becoming an increasingly accessible hobby for the masses, with the point-and-click nature of development meaning that people who have little skill in programming are now able to design content in a way that was previously impossible. It would be naïve to suggest that all these new developers have the necessary technical proficiency to insert the requisite privacy notices to alert users to the many potential privacy pitfalls that await them.
As the SnapChat case highlights, even skilled and knowledgeable developers struggle to correctly code multiple languages to fulfil their legal obligation for a comprehensive privacy protection policy. They can easily find themselves in trouble if their app uses or shares personal data, geo-locations, audio content, or video content without it being fully highlighted to a user.
So what can be done? Governments around the world have long-since introduced legislation to try and combat the problem of opaque and difficult-to-understand privacy policies, but it is clear that with almost 2,000,000 apps across Apple’s and Google’s stores, monitoring and managing all of them is impossible.
There are also numerous courses and training programs that developers can attend, but again, it is unreasonable to expect casual ‘bedroom’ developers to go to such lengths for apps that they know might only be downloaded a handful of times, if at all.
It seems that at the moment the threat of fines, loss of revenue, and public embarrassment remains the best deterrent. It was reported that SnapChat turned down multi-billion dollar offers from both Facebook and Google in late 2013, offers that are unlikely to resurface now the brand has become significantly more toxic and users are slowly abandoning it. It should serve as a lesson to all budding developers.
By Daniel Price