“Convenience is King” When it Comes to Social Login Usage
When you encounter a website or mobile app that requires you to log in or register, do you use your social media account to do so? If you answered “yes,” you are part of a growing majority according to a Gigya survey, which found that social login use is on
mobile security
FTC Settlement Requires Fandango and Credit Karma to Establish Comprehensive Security Programs to Protect Consumers’ Sensitive Personal Information
The Federal Trade Commission (“FTC”) has approved final orders settling charges against Fandango and Credit Karma that the companies misrepresented the security of their mobile apps and failed to protect the transmission of consumers’ sensitive personal information. The FTC specifically alleged that, although the companies made security promises to consumers…
FTC Seeking Additional Public Comment on Mobile Security
Following up on a June 2013 forum on mobile security, the Federal Trade Commission (“FTC”) announced last week that it is seeking public comment to “expand the record on these issues with an eye towards [producing] a report.” As we previously reported, the FTC held a panel in June…
FTC Announces Settlements with Two Mobile App Providers
Today, the Federal Trade Commission announced settlements with two mobile app makers that allegedly failed to provide reasonable security for the personal information collected in connection with their apps. In complaints against Credit Karma, Inc. and Fandango LLC, the FTC alleged that both companies’ apps failed to validate SSL certificates, a security shortcoming that could have allowed an attacker to connect to the app—and collect unencrypted sensitive information—by presenting an invalid certificate. (This type of attack is sometimes called a “man-in-the-middle attack.”) Both respondents agreed to 20-year consent orders requiring, among other things, that they establish comprehensive information security programs.
These cases are important for a number of reasons: they reinforce past FTC guidance on the importance of performing security reviews and testing, overseeing service providers, and providing channels whereby security researchers can report vulnerabilities. But what might be most notable is that in neither case does the FTC specifically allege that the respondent’s practices were “unfair” within the meaning of Section 5 of the FTC Act. Instead, both cases appear predicated upon the FTC’s authority to take actions against companies engaged in “deceptive” practices.
HTC America’s Settlement with FTC Becomes Final
Yesterday, the FTC announced that it had approved a final order settling charges that HTC America failed to take reasonable steps to secure the software it developed for mobile devices. (We’ve previously blogged about the case here.) The FTC alleged that this failure amounted to an “unfair” practice in…
FTC Announces Information about Upcoming Mobile Security Forum
Today, the Federal Trade Commission released the agenda and panelists for the public forum it is holding on mobile security, Mobile Security: Potential Threats and Solutions, on June 4, 2013. The forum will bring together technology researchers, industry members, and academics to explore mobile malware, the security of existing…