On Aug. 10, 2023, a Facebook user named Chris Cullum published a post that detailed various security concerns about Saturn, a scheduling mobile app that's intended for high school students.
In less than one week, his post was shared well over 100,000 times.
In this story, we'll take a look at Cullum's now-viral post, the app's purported vulnerabilities, and the company's history and plans for the future. We'll also lay out what we believe to be important questions that we sent to the company, even though we did not receive answers in response.
Aug. 10: The Viral Facebook Post
Cullum, who said he was 41, wrote that Saturn was brought to his attention after his daughter started using the app to keep up with her class schedule. The app also includes capabilities for chat and event organization, as well as other features.
According to Cullum's post, despite being an adult, he was able to create his own account with Saturn. While signing up for the account with his phone number, he fibbed and chose the age of a teenager. He said he was then allowed access to high school students' class schedules, information, pictures, and personal social media accounts, with no apparent further verification steps required.
The viral nature of the post led multiple readers to ask us via email if the Saturn app was considered dangerous.
The key question appeared to center around whether criminals, such as sexual predators, for example, could sign up for the app and access information and pictures that were only intended to be visible to students.
In an effort to try to answer these questions, we looked at the data that was available to us and compiled a list of what we deemed to be key questions. Most important to come out of all of this: a software update.
Note: Parents and teachers are not allowed access to the app, according to the company's safety center page.
Aug. 13: Software Update Announcement
Three days after Cullum created his post, the app's creator, Saturn Technologies Inc., published what appeared to be the first blog post on the company's website that said they had submitted a new software update to Apple.
The blog post started off by addressing the fact that Saturn's "rapid growth" had brought with it "reasonable questions from students, parents, and schools."
The company claimed that the software update to the app included "a suite of improvements" toward "strengthening verification" and keeping unverified users "walled off from verified users and their information."
On Apple's App Store, the software update went live on Aug. 14. It was described as follows: "This release contains a suite of improvements designed to make the platform safer and more secure."
In other words, it appeared that the company's blog post and software update may have been prompted, at least in part, by Facebook posts by Cullum, and potentially other users. This timeline and the fixes described in the company's blog post indicated that at least some of the vulnerability claims made by Cullum had validity.
This all meant that, yes, the app at least previously potentially posed some dangers due to the vulnerabilities that were patched by the new software update. As with all social-networking mobile apps, whether or not further vulnerabilities that exist in a present build will be discovered in the future is something that remains to be seen.
We reached out to Cullum via Messenger to ask if he had more thoughts to share following the software update. He told us he may post further comments in the future, but did not pass along anything new at this time.
Protect Young Eyes Review and App Safety
As noted by WSLS-TV, an organization known as Protect Young Eyes published a detailed review of why it did not believe the app was safe for kids. The group, which has its own app, says on its website that its purpose is to "help create safer digital spaces" for children.
The review from the organization said, in part, "No, Saturn is not safe for teens because it introduces unnecessary risk into the already noisy, chaotic lives of teens, and has too many risky, unproven features."
In Saturn's Aug. 13 blog post, they included the following information about safety: "We want to be clear: our most important job is keeping students safe—and we take this responsibility very seriously. We're constantly working to make Saturn safer for every user on the platform."
Aug. 14: Snopes' Questions to Saturn
On Aug. 14, we contacted Saturn by email with a list of clarifying questions.
In our questions, we wanted to know more regarding each of the three sentences in the paragraph below from the company's blog post. Specifically, we wanted to know the amount of "contact overlap" that users needed to be verified, how Saturn determines if a phone number is deemed to be suspicious, and what steps or time period would trigger a failure of account verification:
We're strengthening verification:
We've raised the bar for the amount of contact overlap users must have with other students at a school to be verified. New features in our backend system will also proactively flag and block phone numbers that we deem suspicious from registering for Saturn. If a user fails to verify using our improved protocol, their account will be restricted from participation in any school community and eventually removed.
We asked for numbers of the app's total user count and active user count, as well as how many staffers were working for the app as content moderators to monitor activity.
We inquired about Cullum's Facebook post and asked that, if his findings were correct, why the potentially glaring issues weren't caught and fixed sooner.
We also wanted to know if the company had documented any cases of adults accessing the app to attempt to engage in criminal activity.
This story will be updated if we receive any further information from the company.
Saturn's Popularity and Data Vulnerability
Saturn was founded in 2018. It is currently only available as a mobile app on iOS devices, where it has thus far received more than 24,200 ratings to achieve a review score of 4.7 out of 5. We asked the company if an Android version of the app was in the works, but did not receive an answer.
As a detailed article from 9to5Mac.com noted, as of mid-August, Saturn was one of the top free apps on Apple's App Store, even ranking ahead Microsoft Teams, Spotify, Google Chrome, Cash App, and Amazon Shopping.
The article also made important mention of the fact that, at least prior to the software update, data could have apparently potentially been exploited from within the app by anyone for free.
"The problem is that anyone could easily exploit the data freely available on the platform in the real world or on another platform," senior editor Zac Hall wrote. "If a Saturn user's information was used maliciously, Saturn would never be directly linked to the incident."
Funding from Jeff Bezos and Ashton Kutcher
According to a job posting, Saturn is starting off with capabilities for high school students, though the company apparently has expansion plans for a larger, unspecified user base.
The job listing also said that the company received more than $44 million in funding from the likes of Amazon founder Jeff Bezos, as well as actor and entrepreneur Ashton Kutcher's co-founded company Sound Ventures, among others:
We're starting in high school and help tens of thousands of users manage their time and stay better connected with friends. The majority of our users are active daily. We've raised more than $44 million in funding from General Catalyst, Insight Partners, Coatue, Jeff Bezos, Marc Benioff, Dara Khosrowshahi, Dick Costolo and Adam Bain's 01 Advisors, Elad Gil, Hadi Partovi, Ashton Kutcher's Sound Ventures, and other top venture investors.