Do Self-Destructing Messaging Apps Really Protect Your Privacy?

Janice Legnitto
Jan Legnitto Writer, PRIVATE WiFi

Posted on January 30th 2014

Do Self-Destructing Messaging Apps Really Protect Your Privacy?

ImageOver the past two years, a privacy backlash has been developing around the world.  According to the latest The Truth About Privacy study from McCann, seven out of ten respondents in nearly a dozen countries are worried about the erosion of their privacy. McCann’s report found that especially those in younger age groups have become more selective about sharing their personal information online. That’s why they’ve moved to private social networks and apps such as Snapchat to connect with friends.

Just three months ago, Snapchat’s phenomenal success was hailed by The Washington Post as a sign we might actually have a chance to hold on to our privacy. After all, in an era when everything on the Internet pretty much stays there, what better way to protect your sensitive information than with an app that sends self-destructing photo messages. Spurred on by Snapchat’s popularity, other apps featuring messages that either self-destructed or are more private – such as Wickr, Confide, and Instagram Direct – appeared on the scene.

Is Your Privacy Protected?

As it turned out, the app that was supposed to be about privacy had online privacy issues of its own.  On New Year’s Eve, hackers breached the Snapchat database and posted 4.6 million usernames and phones numbers online. The hack wasn’t perpetrated by cybercriminals. It was conducted by greyhat hackers through a recently identified and patched Snapchat exploit. They made the Snapchat user data public to persuade the messaging app to improve its security, which the company finally fixed using a graphical "ghost"-CAPTCHA to thwart hackers. Sadly, this new system was hacked in 30 minutes by security researcher, Steven Hickson, according to The Washington Post.

While you might question the anonymous hackers’ tactics, their actions highlighted the dangers of trusting apps with your sensitive information. Four years ago, Gartner, the information technology research and advisory firm, offered this grim prediction about what we should expect from mobile apps: between 2012 and 2015, it said two thirds of mobile applications will fail the most basic security tests.

Even before Snapchat’s massive data breach, Mashable reported that an app called SnapHack Pro defeated the purpose of Snapchat by allowing users to save messages without the sender’s knowledge. That alone should make users think twice before sending anything they could live to regret.

Then, just days after Snapchat was forced to apologize for its massive data breach, the company apologized again, this time for an increase in Snap Spam many users were receiving that contained nude photos. CEO Evan Spiegel said there is no connection to Snapchat’s recent data breach and attributed the surge in spam to the company’s rapid growth. But the proximity of the two events may leave some of its users wondering.

Despite Snapchat’s security problems, one thing is clear:  Apps that use ephemeral messaging are here to stay.  Speaking at Stanford University earlier this month, Facebook CEO Mark Zuckerberg praised the company he tried to buy for $3 billion for capitalizing on an important development – our growing need for privacy:

“I think Snapchat is a super interesting privacy phenomenon because it creates a new kind of space to communicate which makes it so that things that people previously would not have been able to share, you now feel like you have place to do so.”

But just because an app uses Mission Impossible style self-detonating messages doesn’t mean that it guarantees users a private space where they can communicate. Snapchat marketed itself as a more private and more secure social networking alternative to Facebook and Instagram. But security researchers demonstrated that Snapchat gave users a false sense of security because, like other Internet companies, it stores user information in a database which can be hacked – and was hacked.

There’s another security challenge that self-destructing data won’t solve. If you send your mobile Snapchat messages via a public WiFi hotspot without using a VPN like PRIVATE WiFi a hacker could capture those messages before they vanish and decode them later.  A VPN stops hackers from taking advantage of weaknesses in Snapchat that make it possible for hackers to decode those supposedly secret messages.

The Snapchat data breach should serve as a cautionary tale for users. Its self-destructing data is a terrific innovation that may usher in the erasable Internet. And its widespread acceptance is a measure of the increasing value we are placing on privacy. But data that disappears in seconds is no panacea for all of our online privacy concerns. In order for our communications to be private, our data and our devices need be secure.

Janice Legnitto

Jan Legnitto

Writer, PRIVATE WiFi

Jan Legnitto is an investigative journalist and TV documentary producer who writes on criminal justice and intelligence issues. She is a frequent contributor PRIVATE WiFi's blog.

See Full Profile >