FTC Enforces Privacy Policies
The main charge against the companies was that they disabled SSL encryption of customers’ communications, leaving them vulnerable to hackers, despite telling customers that they used encryption. SSL is one of the strongest protections for customer data and is widely available. Notwithstanding the Heartbleed exploit (which affects OpenSSL software), SSL is still the most used encryption system out there.
“Consumers are increasingly using mobile apps for sensitive transactions,” said FTC Chair Ramirez. “Yet research suggests that many companies, like Fandango and Credit Karma, have failed to properly implement SSL encryption. Our cases against Fandango and Credit Karma should remind app developers of the need to make data security central to how they design their apps.”
Cyber Report – FTC Announces Mobile App Security Consent Decrees