Here’s the newest budding “trend” in the tech industry: when your app gets hacked and users’ privacy compromised as a result, don’t take the blame, but point your finger at an incompetent third-party application for its failure. In the span of one week, both Snapchat and Dropbox have resorted to this tactic after news of major security breaches broke. Snapchat is specifically naming Snapsaved.com as the leak source, while Dropbox vaguely faults “several third-party apps”.
One troubling implication with this blaming game is that by choosing and trusting poorly secured third-party application with their personal data, the users have no one but themselves to blame. Snapchat even specifically noted in a statement that “Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely”.
But still, the truth remains that Snapchat and alike could at least take partial blame for not managing their APIs and monitoring third-party services better. It is common practice for big-league social services like Twitter and Facebook to develop official APIs for better control over third-party apps, yet neither Snapchat nor Dropbox has released one. With more users turning to third-party apps for features unavailable in the main app, cloud-based services like these are in need of better regulation over their APIs. Resorting to a clause buried deeply inside a lengthy Terms of Use is not going to help eliminate the security concerns, and it is our hope that such “trend” will not catch on.