Snapchat assured users that private photos sent using its app would automatically delete. Those were false promises.
On Thursday, the app maker settled charges with the Federal Trade Commission that it deceived customers on several levels. The app wasn't totally secure, and the company was secretly spying on its users.
But the Los Angeles-based startup is essentially getting a slap on the wrist. It has to allow independent privacy auditors to inspect the company for the next 20 years, and it was forced to promise it will be more forthright with customers. That's about it.
The heart of the issue is Snapchat's assurance that customers' messages were safe and private. Snapchat's whole business was built on that promise.
For instance, Snapchat photos have a self-destruct timer. But recipients could get around the auto-destruct by saving an image of what was on the screen.
The company also had said it took appropriate security measures to keep the information safe. However, "disappearing" videos don't actually vanish. They were stored, unencrypted, on phones. That meant anyone could just plug a device into a computer and play the files.
Snapchat was also quietly collecting information about its customers. The company promised it wouldn't track users, but it surreptitiously followed an Android phone's every move. It also uploaded entire contact lists from iPhones without letting a customer know.
That blew up in the company's face when hackers stole the contact information for 4.6 million Snapchat users and posted their usernames and partial phone numbers online.
"If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises," FTC Chairwoman Edith Ramirez said in a statement.
"While we were focused on building, some things didn't get the attention they could have. One of those was being more precise with how we communicated with the Snapchat community," the company said on its blog.