Snapchat Spam is Not a Natural Consequence of Growth

In a recent blog post, Team Snapchat responded to users who were complaining of a recent increase in spam (emphasis in the original):
While we expect to minimize spam, it is the consequence of a quickly growing service. To help prevent spam from entering your feed, you can adjust your settings to determine who can send you Snaps. We recommend “Only My Friends” :)
In fact, even if you restrict incoming Snaps to friends only, you can still receive a spam friend request with a pending snap attached. Snapchat claims that so far as they know the recent data breach has nothing to do with the spam increase. However, the release of 4.6 million Snapchat user names will have given the spammers 4.6 million targets to send friend requests to, so Snapchat's statement may indicate that they don't know for certain, and perhaps don't want to find out. I find it significant that Snapchat's first response to the data breach was to hire lobbyists rather than engineers. Snapchat's recruiting page still does not show any vacancies for any engineers with computer security or anti-spam experience.
The main problem that leaves Snapchat wide open to abuse is that they have a simple API between the app running on mobile devices and their servers. This has been reverse engineered and the details have been published. This makes it easy for spammers and hackers to write scripts which automate processes such as obtaining user information, creating new user accounts in bulk, or sending spam friend requests. There is no excuse for this. Snapchat owns both ends of the communications link, so the API should have been obfuscated and encrypted. (Yes, reverse engineering of Android apps is possible, but let's not make it easy for the script kiddies.)
On top of this, Snapchat seems to have little or no safeguards in place to prevent automated use of the API. Rate limiting by device and blocking of known bad IP addresses would be a good place to start.
Finally, in order to report spam, the user has to leave the Snapchat app and find the Spam reporting page on the Snapchat web site, which is buried three levels deep and requires you to log in with your Snapchat username and password. Then you have to copy the information from the spam you received into a dialog box to submit it. The data entry is free form, so it will have to be reviewed manually to determine the sending account. Sorry, Snapchat, but the spammers have automated everything; you need to do the same. There should be an automated way of reporting spam within the app. Until you have a Report Spam button on both friend requests and individual Snaps, I have a hard time believing that Snapchat spam is an inevitable consequence of growth rather than the result of Snapchat's indifference.
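The two server-side safeguards suggested above, rate limiting by device and blocking known bad IP addresses, can be sketched as a single gate in front of the API. This is an added example, not Snapchat's code or code from the original post; the class name, action names, limits and blocklist entries are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed blocklist: documentation-range networks stand in for a real feed.
BLOCKED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "198.51.100.7/32")]

# Hypothetical per-device budgets: action -> (max calls, window in seconds).
LIMITS = {"friend_request": (5, 60), "create_account": (2, 3600)}


class AbuseGate:
    """Decides whether an API call is served, given source IP and device id.

    Assumption: device_id is bound to the device by the server (for example
    issued at registration), not a value a script can pick freely.
    """

    def __init__(self, limits=LIMITS, blocked=BLOCKED_NETWORKS):
        self.limits = limits
        self.blocked = blocked
        self.history = defaultdict(deque)  # (device_id, action) -> timestamps

    def ip_blocked(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.blocked)

    def check(self, ip, device_id, action, now):
        """Return (allowed, reason); `now` is in seconds, passed in for testing."""
        if self.ip_blocked(ip):
            return False, "blocked_ip"
        if action not in self.limits:
            return False, "unknown_action"  # fail closed on unlisted actions
        max_calls, window = self.limits[action]
        calls = self.history[(device_id, action)]
        while calls and calls[0] <= now - window:  # drop calls outside window
            calls.popleft()
        if len(calls) >= max_calls:
            return False, "rate_limited"  # rejected calls are not recorded
        calls.append(now)
        return True, "ok"


if __name__ == "__main__":
    gate = AbuseGate()
    # Constructed traffic: one device sends six friend requests in six seconds.
    for t in range(6):
        print(t, gate.check("192.0.2.10", "dev-A", "friend_request", t))
    print(gate.check("203.0.113.9", "dev-C", "friend_request", 6))
```

The sliding window is kept in memory per process; a deployment with several API servers would need the counters in shared storage so a script cannot spread its calls across servers.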