Commentary: Hack reveals Snapchat not so safe after all
On a surface level, Snapchat is perfect at what it does: It sends and receives self-destructing photos and video messages. It’s reassuring to send a message that could be embarrassing, knowing it won’t last.
But Snapchat doesn’t bill itself as a secure service.
Even the app’s description on the Google Play store claims: “… even though snaps are deleted from our servers after they are viewed, we cannot prevent the recipient(s) from capturing and saving the message by taking a screenshot or using an image capture device.”
So, Snapchat isn’t the safe or responsible app it’s hyped up to be. At least it’s focused on privacy, right? Snapchat has settings that limit who can view your public snaps.
Well, that’s a shallow offering in light of its recent issue.
An Australian computer security group, Gibson Security, released what they called their full disclosure of the Snapchat API, the guts of Snapchat, Dec. 24.
The full disclosure included a few tricks GibSec developed, including sniffing out any Snapchat user’s phone number based on their name and location. It was possible because Snapchat didn’t limit the number of search requests one can make to their server. Through brute-force searching, a database of names and numbers could be assembled over time.
Snapchat said in a blog post that the exploit is closed, but a database has already been published at snapchatdb.info.
The database was published with good intentions, but it has actually made matters worse. Although it doesn’t include the last two digits of any phone number, it only takes a little patience to test numbers inside the app. Anybody, not just a skilled hacker, can do that.
Still, you might not really care about your personal info being collected, and that’s OK. I figure Google already knows everything.
In light of what’s happened, it’s a bit ironic that Snapchat CEO Evan Spiegel is on a soapbox about deleting data, yet has said publicly he most admires Google as a company.
Google’s famous motto, though, is “Don’t be evil.” If Snapchat has a motto, it’s not in line with the typical use of its app or its users’ expectations. Its software is just not up to the standard of security we expect.
Your gut reaction might be to set your Snapchat to private, and that would usually be appropriate. But even private users can be found via phone numbers. A phone number can’t be removed, either. At this point, securing yourself means creating a new account.
Maybe if Snapchat combined its novel messaging platform with better security, or removed phone number entry entirely, it could earn back the trust of its users. For now … what’s the point of using it?