If you’re using a third-party Snapchat app, it’s time to delete it. Change the password to your Snapchat account while you’re at it.
Will Strafach of Sudo Security Group, a company that researches security vulnerabilities in apps, came across numerous third-party Snapchat apps ignoring modern security conventions by sending user data over insecure connections.
The apps tested were on iOS, but that’s not to say that Android apps are immune, just that they weren’t included in the test.
The first offending app was Snapix. When a user enters their Snapchat login details into Snapix, the app transmits this data, in plain text, over a non-secure connection. Worse, it stores this data on its own server as well. There’s no legitimate reason a third-party app would need to store login information on its own server, but that’s not stopping Snapix.
Snapix may have been the most egregious offender, but it was by no means the only third-party Snapchat app with severe vulnerabilities. Two other applications, Quick Upload and SnapBox were also guilty of sending secure data in plaintext over an insecure connection.
Strafach only tested a few apps for these vulnerabilities, so this shouldn’t be interpreted as an exhaustive list. In fact, it’s generally better to avoid third-party applications that extend the functionality of social networks entirely as Snapchat itself warned in this blog post after a 2014 leak that saw thousands of videos and images leaked.
“When you give your login credentials to a third-party application,” Snapchat representatives said, “you’re allowing a developer, and possibly a criminal, to access your account information and send information on your behalf.”