Naked Security

How Snapchat shares your (and your kids’) location

Some police and child protection authorities are advising parents to turn off the new feature

Snapchat has introduced a “whole new way!” (maybe new to Snap: not to Facebook, Apple and Google) for you to “explore the world” and “meet up with friends”: a location-sharing “Snap Map” that shows when nearby friends are…

…at a dance party!

…or a magic show!

…or having their privacy breached and their location leaked because they didn’t realize that Snap posts their location on Snap Map every time they open the app.

Well, not quite: I heard from Snap after initially publishing this story, and it turns out I wasn’t giving credit where credit’s due. Snapchat will only post your location on Snap Map every time you open the app if in fact you’ve enabled Map to share your location with friends. Plus, if a Snapchatter does opt in to share their location with all of their friends on Snapchat, the app will periodically remind them of that choice to make sure they’re still comfortable with it.

So, thankfully you have to opt in. Snap Map will not show a user’s location otherwise. A spokesperson said that if you’ve never opened Map, your location won’t show up.

If you went ahead and opted in to share your location and then forgot all about the choice, the clock starts ticking. Snapchat will make your location disappear after 8 hours. Note that that’s 8x the one hour you get with location-sharing from apps such as Messenger and those on Apple iOS and Google Android.

A quibble: that’s a lot longer to be beaming about your location – and quite possibly forgetting that you’re doing so. Still, it’s sure better than having the app incessantly broadcast your location with no timer involved to turn it off.

Snap Map shows that, security- and privacy-wise, Snapchat’s come a long way since its early days, with its infamous “disappearing” photos and video messages that never actually went away at all, either on your phone or on its own servers.

Snapchat hasn’t been very popular in security circles for other reasons, such as what the FTC called deceptive marketing practices, as well as what security researchers blasted as really poor security of users’ account information.

Early history aside, Snap’s been shaping up. It has picked up its security game in a big way since April 2014, when it hired a new director of information security, ex-Googler Jad Boutros, who said at the time he was building a “culture of security” at the company.

Then, two years ago, Snapchat released version 9.9.0 of the app for Android and iOS, with an optional new security feature called Login Verification that helps prevent unauthorized account access.

This kind of extra protection was especially relevant because it came at a time when Snapchat was offering additional services such as Snapcash: Login Verification helps prevent a thief from logging in as you and sending money from your account to another Snapchat account.

It’s always a pleasant surprise to find Snapchat continuing to evolve into an ever more savvy practitioner of information security.

Having said that, there’s a lot that can go wrong with location sharing.

Over at The Verge, Dani Deahl recounts how she spotted the Bitmoji for a friend in a residential area when she first opened Snap Map.

A conversation ensued: Does her friend live at the intersection of X and Y streets? More particularly, at one of a handful of specific addresses? Bingo: one was correct, though Deahl had never been to her friend’s house.

The friend, actually, didn’t know she’d enabled Snap Map, and didn’t realize it was revealing her location.

When she updated Snap and went through the Snap Map introduction, she believed Snap was giving the option to geotag her Snaps for Our Story, as shown in the promotional video. Instead, she had inadvertently broadcast where she lived to every one of her Snap contacts.

Image credit: Snap Map walkthrough courtesy of Snapchat

Again, to reiterate what a Snap spokesperson had to say, Snapchat does post your location to Snap Map every time you open the app, not just when you share Snaps to Our Story, but only once you’ve opted in to location sharing. So at worst, Snap seems to be guilty of not making that aspect glaringly obvious.

But bear in mind that Snapchat is crazy popular with children and teens. They, too, might be oblivious to how much location sharing is going on with Map: a worrisome lack of understanding when you’re talking about broadcasting a child’s location.

Users aren’t limited to a map of nearby friends. They can also search for specific locations, such as schools or playgrounds, with the map displaying any public photos or videos sent by students, as pointed out by The Telegraph.

Multiple police forces and child protection services have warned parents to turn off Snap Map on their children’s phones. In the UK, Preston Police had this to say on the department’s Facebook page:

For all the Snapchat users on here, in the last few days they have released a new update which connects to your GPS, and automatically (unless activated ghost mode) shows where you are on a map to anyone who is on your friends list and posts can possibly be seen publicly depending on your settings!!

…Obviously this may cause concern for certain users, particularly those who have young children who use the app.

The Telegraph quoted a spokesperson for the National Society for the Protection of Children:

It’s worrying that Snapchat is allowing under 18s to broadcast their location on the app where it can potentially be accessed by everyone in their contact lists.

With public accounts, this will include those who are not known to the user. This highlights why it’s vital children are automatically offered safer accounts on social media to ensure they are protected from unnecessary risks.

…and this is what the UK Safer Internet Centre had to say:

It is important to be careful about who you share your location with, as it can allow people to build up a picture of where you live, go to school and spend your time.

Given how specific this new feature is on Snapchat – giving your location to a precise pinpoint on a map – we would encourage users not to share their location, especially with people they don’t know in person.

As Preston Police noted, Ghost Mode keeps your location private.

How to turn on Ghost Mode

To change settings, open Snapchat and pinch the screen. That will load Snap Map. When you do it for the first time it should ask you if you want to activate Ghost Mode. If it doesn’t, click on the icon in the top right-hand corner, where you’ll be able to tick a box to turn on Ghost Mode.

What other apps are stalkery?

Two years ago, Facebook switched off default location tracking and gave users full control over when and how they share such information.

User choice? What a concept!

In March, Facebook Messenger did, though, enable live location sharing, taking a page from the way that Apple handles it in iOS and Google in Android. Namely, users can tap on the location icon within a message to begin sharing their location. They’ll get a map of their current position and the option to share it live.

Thankfully, you can’t leave that location sharing on indefinitely: a clock starts ticking, and you get 60 minutes to share location. Facebook also gives you an estimate of how long it would take you to meet your friends if going by car and shares that ETA with others.

In February, “Live Location Tracking” was also spotted in WhatsApp beta mode.

It was apparently switched off by default, as it should be. WhatsApp also gave users the ability to control how long the sharing continued.

Twitter likes to follow us around, too. To turn that off, this is what you do:

Twitter for iOS

  1. Go to Settings and tap Privacy
  2. Tap Location Services
  3. Locate the Twitter app and tap to select Never

Twitter for Android

  1. Tap the navigation menu or profile icon
  2. Tap Settings and privacy
  3. Under General, tap Location and proxy
  4. Deselect the checkbox next to Location

Instagram? Ah, Instagram’s interesting. We’ve seen all sorts of abuse of its location data: there was the underwear thief who used Instagram location data to find victims’ homes, for example.

Instagram at one point was also providing access to its API to Geofeedia, an app used by police to monitor activists and protesters. Geofeedia was also tapping into APIs at Twitter and Facebook to create real-time maps of social media activity in protest areas. Those maps were used to identify, and in some cases arrest, protesters shortly after their posts became public, including in the Dakota pipeline protests in the US.

In March, Facebook and Instagram turned off the data faucet for that location-fueled surveillance.

For its part, Uber has its own stalker history. In December, with the update that brought us version 3.222.4, Uber began tracking users’ locations constantly when the app’s running in the background. It also asked users to always share their address books. Up until that point, it had only collected location data if a user had the app open.

Obviously, Snapchat’s recent debut in the location-sharing, potentially privacy-jeopardizing realm is only the most recent in a long list of apps that should all serve to remind us that when there’s an update, whether to an app or to a phone OS, we should review our settings in case there’s a brand new privacy option with a default we didn’t expect.

Remember: if in doubt, don’t give it out, be it your taxpayer ID, your birth date, or your geolocation. You don’t know who will do what with that information, but we do know that plenty of people do plenty of dangerous things.


4 Comments

When will companies learn that these features should be off by default? When you install an app, default settings should be locked down as much as possible, and users should have to manually enable all the sharing features they want. Not only is this a much more secure way to do things, it also helps users think about what they want to share, bringing sharing security more into the collective consciousness. This “all open by default” stance is dumb, and helps cultivate a culture where security is an afterthought for service providers, and never even considered by end users until they have a problem (when it is too late).


FYI the new Snapchat map is opt-in, you have to specifically tap the option to share your location. It will not do it by default or behind the scenes.
