Popular photo-sharing service Snapchat has started warning people who use unauthorized apps that take advantage of its undocumented API.
That API, which is intended only for Snapchat's internal use, has been reverse engineered by third parties and used to build unofficial Snapchat-based applications. The most recent high-profile incident, dubbed the Snappening, resulted from a breach of Snapsaved.com, an unauthorized service that enabled Snapchat users to save their snaps. Snapchat's servers were never breached in the incident, but because of Snapsaved.com's popularity, it was believed at the time that up to 200,000 accounts may have been implicated in the breach.
According to a blog post published by Snapchat this week, the company is aiming to prevent similar incidents by alerting users when they use unauthorized apps. "Starting today, we will notify Snapchatters when we have detected that they may be using third-party apps and we’ll ask those Snapchatters to change their password and stop using unauthorized apps," the company wrote on Tuesday.
Is It Enough?
Snapchat says it has "enjoyed some of the ways that developers have tried to make Snapchat better." But unauthorized apps are unauthorized apps, and the company is clearly hoping that by educating its users and warning them when they use them, it can convince users to avoid apps that could leave their accounts vulnerable.
The question is whether this approach will be enough. Unauthorized Snapchat apps have clearly thrived not because Snapchat users are foolish but because third parties have developed attractive functionality that Snapchat itself doesn't offer and, in the case of some apps, may never offer. Snapchat has suggested that it is going to release an official API but has also stated, "We’re going to take our time to get it right."
The fundamental problem with Snapchat's interim approach is that by warning users but not penalizing them or blocking their use of unauthorized apps, users are still left vulnerable. Snapchat is, after all, a photo-sharing service, and Snapchat users who don't use unauthorized apps could still see their private content exposed if they share that content with users who do.
Obviously, that doesn't mean Snapchat's efforts will be futile. With the risks posed by unauthorized apps becoming more apparent, warnings could be enough to persuade some users to bend to Snapchat's will. But absent a full-blown crackdown intended to cut off all unauthorized apps or the creation of an official ecosystem for third-party developers, it's unlikely Snapchat's latest move will eliminate future incidents.