With regards to free apps or web services it become commonly known that `if you are not the customer you are product` but in recent years the sale and collection of personal information has become more aggressive. The topic of discussion for this article is Snapchat and the ramification of the gathering of personal information and it's affect on not only your privacy but others privacy you are in contact with.
It begins with consent. When you signup to a website such as facebook.com or twitter.com you have some idea of the kind of personal information that you're providing to these companies and they generally have a consensus that just about anything can be done with this data. In both of these sites however, by signing up to these sites you've given consent to store this data, with twitter.com your email, phone number and password are required to authenticate. facebook.com on the other hand allows you to access their service with minimal data but many users go further to include things like their birthday to complete their profile and get more out of the service. Again, these parts are optional. facebook.com asks for you for your real name and several other pieces of personal information as seen below on their signup screen.
For those who are skilled information security, this article may not be news for you, but you are not the target audience however I value your views
twitter.com requires significantly less information to signup and does not have real name policies. Even recent attempts to capture birthday information has received negative attention from privacy advocates.
Now onto Snapchat; the notion of Snapchat is once the always gets the older generation to say "oh I know what that's for" whenever I introduce them to the app. It was initially meant to be a private way to share photo's from one user to another without allowing the receiving user to save the image, however simple and complex ways around the restriction have created a market of their own with all the "Snapsave" style apps on the market. Speaking of which Snapchat is currently the 7th most popular free app on the Google Play store.
Snapchat lets you find your friends a few way, including: Add by Username, Add from Address Book, Add by Snapcode (which is a fancy proprietary QR code style reader), or Add Nearby which would leverage location services.
Now you might say "Well just don't use it?" Well there are two problems with that; the first is that even if you don't use it, your friends will likely use it to find you or others. Maybe your friends already know you're sick of Farmville requests and would prefer to stick this one out. Sounds good in theory, except everyone who allows Snapchat to read their contacts invariably allows Snapchat to read their contacts without the contacts explicit permission. When we talked about Facebook and Twitter before I mentioned how a user consents to these services. But in the case of Snapchat, the sheer act of being friends or even contacts with a person, unknowingly whom uses Snapchat allows Snapchat to have your personal information. Normally if a stranger asked for your mothers contact information you wouldn't provide it to them without a good reason for it. But with Snapchat you don't even get the option to make that decision. This is about informed consent, and it's not just you anymore, it is the hundreds of people in your contacts list.
Okay, so they're invading the privacy of you and your contacts. Now at least we know when they are doing it right? You enter the Add Friends from Address Book and it reads your contacts to display them to you so you can select each friend. No. Bringing us to our second point instead of accessing your contacts when you access the menu option Snapchat instead accesses your contacts each and every time you open the app, it also appears to sometimes read your contacts list if you put the app into the background then reawaken it. I will prove this by providing screenshots from my Android device, running Cyanogenmod's Privacy Guard. This app allows you to revoke access to personal information which I'll get into more later. Below are the steps used to show the attempted access.
Okay, so Snapchat is accessing your contacts on startup rather then when needed, what else is Snapchat doing that might be unethical? Well perhaps the "Filters" option in Snapchat is more telling of the value of your privacy. As seen below; Snapchat has an option to get certain filters, from simple colour corrections to silly things like rainbow barf. Sounds kinda fun right? Wait...
You'll note the red text in the image. That's due to my device having filters on who can access location data. As mentioned before Privacy Guard is very helpful, if you select a certain option any app the is installed has several settings enabled by default for your privacy. The options such as Location and Read contacts and will prompt you to ask if you wish to deny or allow on requests. I'd highly recommend anyone with technical knowledge to install Cyanogenmod's to use Privacy Guard. It let's you use the apps you want while controlling the PI touch locations (Personal Information) that organizations have access to. This is also a problem, Cyanogenmod's like the AOSP project is open source. So Google and the AOSP project could use the source code in their project. Luckily Android Marshmallow sports a new feature which allows app permissions to be revoked at any time. This is a great alternative to those who are not savvy enough to install custom firmware like Cyanogenmod. But OEM provides of cellphones refuse to update the software on their phones, likely to increase their own sales of new phones for people who think the OS version is a selling feature. So persons with old phones miss out on these features.
Returning to the data retention that Snapchat does remember that Snapchat has Snapchat which allows you to "pay your friends." I'll let this twitter user explain this concept to those who may not understand the situation.
Now, I will remind anyone reading this that Snapchat is not the only offender to this problem of abusing data collection and retention. Nearly any app in the top list of apps abuse their access to your data and request app permissions in order to data mine your personal information rather then adding value to the user. So if you think I'm picking on Snapchat that's just not true, the Twitter app for Android, and Facebook and Facebook Messenger apps allegedly request contact data and location at weird, inappropriate times. The Twitter app is again, significantly better then Facebook. This is just a reminder that you really should care and value your own personal privacy like you would if someone was pointing a telescope in your windows, not treating it like a fact of life.