The Sm@rtEdgeLaw Group

- "Smart companies need a Sm@rtEdge" TM

How secure is your mobile app? Or the ones your employees use?

A new update from the Federal Trade Commission (“FTC”) highlights that mobile apps remain a key security weakness. In connection with its recent investigation of mobile apps from Fandango and Credit Karma, the FTC has warned consumers that app developers (even those with the best of intentions) continue to drop the ball in ensuring security delivered matches promises and in encrypting data.

Markedly, these firms failed to validate security certificates to ensure that sensitive information, such as credit card numbers and social security numbers, was being delivered to the verified correct location. Such a hole in application security opens the door to a “man in the middle attack” that could easily allow an attacker to “spoof” traffic via an intentionally fake website, mimicking the online services, or simply just intercepting the data.

diagram of a man in the middle attack

Further compounding the situation, the FTC notes that many mobile users routinely send sensitive data over open un-encrypted public Wi-Fi hotspots. This often innocent mistake can leave personal data ripe for a hacker’s taking if applications that don’t take the proper precautions to secure customer data are used and the FTC recommends users disable those settings on smartphones and tablets that allow automatic connection to nearby open Wi-Fi networks.

With the average total organizational cost of a data breach in the U.S. weighing in at $5.4 million dollars (according to a recent Ponemon 2013 Cost of Data Breach study), can you afford to take the risk that your mobile applications are not being vetted for data security?

To discuss your own mobile app security efforts, the FTC’s latest alert or how a risk assessment is a crucial step in your development process, feel free to contact us at or 203 307-2665.

SIgn up for “Smartedge Perspectives” Alerts

Updated: 03/31/2014 — 9:34 am

The Author

John Pritsiolas

© 2014 Sm@rtEdge LLC. All Rights Reserved. Attorney advertising. Prior results do not guarantee a similar outcome. Site Map Privacy Policy Frontier Theme
%d bloggers like this: