The incident dubbed the “Snappening,” in which up to 200,000 Snapchat images were leaked, has been widely reported by the media. The third-party app Snapsaved has taken responsibility for being hacked and has stated that Snapchat itself was not hacked. Snapchat confirmed this in a blog post, stating “We are grateful that the service provider acknowledged that Snapchat was never compromised,” a reference to the statement made by Snapsaved.
Snapchat also made the following statement at the end of their post: “We’ll continue to do our part by improving Snapchat’s security and calling on Apple and Google to take down third-party applications that access our API. You can help us out by avoiding the use of third-party applications.”
The question we should be asking ourselves is whether mere improvements in security are enough. The question we should be asking is whether Snapchat’s model is fundamentally broken. A Reuters article, which says the incident has exposed Snapchat’s “flawed premise,” certainly seems think so. It correctly points out that you cannot stop someone from taking a picture of a picture.
Even if Snapchat can successfully prevent any third-party apps from interacting with its service, it cannot prevent someone from using another camera to take a picture of what another device is currently displaying. Indeed, users may be able to simply take a screenshot normally with their phone. Snapchat’s own community guidelines acknowledge that it “attempts to detect screenshots and notify the sender, but it doesn’t always work perfectly.” So what if the sender was notified? What would they be able to do about it after the picture has already been sent and saved?
We can blame Snapchat’s API. Snapchat can continue pursuing unauthorized apps and having them removed from iTunes App Store and Google Play. Snapchat can continue to caution, as it has done, against giving your credentials to third-party applications. But as security researcher Adam Caudill notes, the problem is more fundamental: “Without controlling the endpoint devices themselves, Snapchat can’t ensure that its users’ photos will truly be deleted.”
At the end of the day, the moment you make a post or transmit a picture across the Internet, you have lost control over the transmitted information. I have yet to see any app that can fix this problem. It isn’t just a problem with the technology, but with human nature. The next time you are about to make a post, send an e-mail, or send a picture, pause for a moment and ask yourself: Would I be ok with the whole world seeing this? If you are, go ahead and press that “send” button.