Earlier this year, the Federal Trade Commission announced consent decrees with two companies, Credit Karma and Fandango, for failing to take reasonable steps to secure their apps.
Interestingly, the FTC specifically cited both companies for disabling SSL certificate validation, the check that would have verified that the apps' communications were actually with the intended server. By disabling certificate validation, the companies potentially exposed their users' data to hackers and thieves.
The consent decrees entered in those cases will require the companies to put in place comprehensive security programs that address risks related to the development and management of new and existing products and that protect the security, integrity, and confidentiality of information covered by the order. Under the decrees, the companies will remain subject to independent security audits every other year for the next 20 years. A similar fate could well befall other companies that do not take what the FTC regards as reasonable steps to secure their apps. Do you want to be that company?