Snapchat, the app with ‘self-destructing pictures’, has been forced to reveal that images might not be gone for good, in a settlement with the Federal Trade Commision (FTC).

The FTC points out that third-party apps can be used to log into the Snapchat service, and because the deletion feature only functions in the official Snapchat app, recipients can view and save snaps indefinitely.

The complaint also suggested that the company’s Android app secretly recorded and transmitted the user’s physical location and that the app’s Find Friends service allowed hackers to steal 4.6 million usernames and phone numbers.

“If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises,” said FTC chairwoman Edith Ramirez. “Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”

The FTC also claimed that Snapchat stored video snaps unencrypted on the recipient’s device in a location outside the app’s “sandbox,” meaning that the videos remained accessible to recipients who simply connected their device to a computer and accessed the video messages through the device’s file directory.

In a blog post, Snapchat admitted that mistakes had been made, stating: “While we were focused on building, some things didn’t get the attention they could have. One of those was being more precise with how we communicated with the Snapchat community.

“This morning we entered into a consent decree with the FTC that addresses concerns raised by the commission. Even before today’s consent decree was announced, we had resolved most of those concerns over the past year by improving the wording of our privacy policy, app description, and in-app just-in-time notifications. And we continue to invest heavily in security and countermeasures to prevent abuse.”

The company admits that it is “devoted to promoting user privacy”, adding that it is “something we’ve always taken seriously”.