A few key lessons:
1. Don’t misrepresent. All representations about your software must be accurate, especially those concerning privacy. If you don’t secure the app using X methods, don’t say that it is secured that way! As the FTC states, “Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”
3. If you have information, act! If users point out securities flaws with your software, seriously consider them and document action taken in response. In Snapchat’s case, numerous users pointed out security flaws that were disregarded and such conduct certainly factored into the FTC’s decision.