mobile security

The Federal Trade Commission (“FTC”) has approved final orders settling charges against Fandango and Credit Karma that the companies misrepresented the security of their mobile apps and failed to protect the transmission of consumers’ sensitive personal information.  The FTC specifically alleged that, although the companies made security promises to consumers
Continue Reading FTC Settlement Requires Fandango and Credit Karma to Establish Comprehensive Security Programs to Protect Consumers’ Sensitive Personal Information

Today, the Federal Trade Commission announced settlements with two mobile app makers that allegedly failed to provide reasonable security for the personal information collected in connection with their apps.  In complaints against Credit Karma, Inc. and Fandango LLC, the FTC alleged that both companies’ apps failed to validate SSL certificates, a security shortcoming that could have allowed an attacker to connect to the app—and collect unencrypted sensitive information—by presenting an invalid certificate.  (This type of attack is sometimes called a “man-in-the-middle attack.”)  Both respondents agreed to 20-year consent orders requiring, among other things, that they establish comprehensive information security programs. 

These cases are important for a number of reasons:  they reinforce past FTC guidance on the importance of performing security reviews and testing, overseeing service providers, and providing channels whereby security researchers can report vulnerabilities.  But what might be most notable is that in neither case does the FTC specifically allege that the respondent’s practices were “unfair” within the meaning of the Section 5 of the FTC Act.  Instead, both cases appear predicated upon the FTC’s authority to take actions against companies engaged in “deceptive” practices.Continue Reading FTC Announces Settlements with Two Mobile App Providers

Yesterday, the FTC announced that it had approved a final order settling charges that HTC America failed to take reasonable steps to secure the software it developed for mobile devices.  (We’ve previously blogged about the case here.)  The FTC alleged that this failure amounted to an “unfair” practice in

Continue Reading HTC America’s Settlement with FTC Becomes Final

Today, the Federal Trade Commission released the agenda and panelists for the public forum it is holding on mobile security, Mobile Security: Potential Threats and Solutions, on June 4, 2013.  The forum will bring together technology researchers, industry members, and academics to explore mobile malware, the security of existing

Continue Reading FTC Announces Information about Upcoming Mobile Security Forum