How secure is that mobile app?

A long time ago, in a galaxy far, far away, people used phones primarily to call each other. Strange, huh?

Today, in this galaxy, many of us depend on our phones to take care of everyday tasks like waking up on time, keeping track of our calories, and sharing photos and updates. Need movie tickets? Tap, tap, and done. Want to track your credit history and get free credit scores? Yep, you can do that, too.

Unfortunately, according to the FTC, apps don’t always secure the information they send and receive, and that could lead to serious problems for users. Two companies the FTC is focusing on today: Fandango and Credit Karma. The FTC says these popular services didn’t properly secure information sent through their apps — including credit card numbers (Fandango) and Social Security numbers (Credit Karma).

Neither company validated security certificates to make sure the app was sending the information to the right place. That left users vulnerable to “man in the middle attacks.” An attacker could trick the app into letting him access communications between the app and the online service. Neither the person using the app nor the online service would know the attacker was there.

[Figure: diagram of a man-in-the-middle attack]

An app that does not validate its security certificate leaves users vulnerable to “man in the middle” attacks.
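A check a code reviewer can run to catch the failure described above, as an added example (not code from the FTC, Fandango or Credit Karma): it flags source lines that switch off certificate or hostname validation. The pattern list and the sample input are constructed for illustration and cover only a few common client libraries.

```python
import re

# Illustrative patterns (chosen for this example, not taken from the FTC complaint)
# that switch off certificate or hostname checks in common client libraries.
PATTERNS = [
    ("python-ssl", re.compile(
        r"\bCERT_NONE\b|check_hostname\s*=\s*False|_create_unverified_context")),
    ("python-requests", re.compile(r"\bverify\s*=\s*False\b")),
    ("android-apache", re.compile(r"ALLOW_ALL_HOSTNAME_VERIFIER|AllowAllHostnameVerifier")),
    ("ios-afnetworking", re.compile(r"allowInvalidCertificates\s*=\s*YES")),
    ("go-tls", re.compile(r"InsecureSkipVerify\s*:\s*true")),
    ("node-tls", re.compile(r"rejectUnauthorized\s*:\s*false")),
]

FULL_LINE_COMMENT = re.compile(r"^\s*(#|//)")

def scan(source, filename="<input>"):
    """Return (filename, line_no, rule, text) for each line that disables validation."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), 1):
        if FULL_LINE_COMMENT.match(line):
            continue  # skip full-line comments to cut false positives
        for rule, pattern in PATTERNS:
            if pattern.search(line):
                hits.append((filename, line_no, rule, line.strip()))
                break  # one finding per line is enough for review
    return hits

# Constructed sample input, not code from either app.
SAMPLE = """\
import requests, ssl
# never set verify=False in production
resp = requests.post(url, data=card, verify=False)
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
ok = requests.post(url, data=card, timeout=10)
"""

if __name__ == "__main__":
    for name, line_no, rule, text in scan(SAMPLE, "client.py"):
        print(f"{name}:{line_no}: [{rule}] {text}")
```

A hit is a prompt for review rather than proof of a flaw, and a clean scan does not show that validation is correct, since custom trust managers and delegates can accept any certificate without using these names.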

Research suggests that many apps don’t encrypt information properly. So, if you plan to use a mobile app to conduct sensitive transactions — like filing your taxes, shopping with a credit card, or accessing your bank account — use a secure network. That way, even if the app doesn’t encrypt the information, the network does.

Keep in mind that most public Wi-Fi networks aren’t secure. If a hotspot doesn’t require a WPA or WPA2 password, it’s probably not secure. You might want to change the settings on your mobile device so that it doesn’t connect automatically to nearby Wi-Fi.

Finally, if you haven’t already, take steps to secure your home wireless network.


Comments

What is the recommendation with these sites, Credit Karma for example, should we cancel the online accounts with them?
Thanks
Diana A

Hi, Diana, the FTC's complaint alleges security problems only with the mobile apps -- not the online services. And going forward, both companies are required to establish comprehensive security programs and to undergo independent security assessments every other year for the next 20 years. One of the best things you can do to protect your information is request your free credit reports every year -- and check them for any accounts or charges that you don't recognize.

We tend and expect our information to be secure in these and other large web based programs, I’m surprised to hear about creditkarma, I use their service and can wait to had the service suspended. Here we are telling ourselves that we need to protect ourselves and out in the open … shame …

Is it safe to do all these things through your cell signal like 3G?

Generally, your cell phone's data network provides a much more secure connection than a public hotspot. Our updated article about using public Wi-Fi has tips and recommendations for protecting your info.

I got a message from Barclays Bank recently that someone else has registered for Barclays Mobile Banking on my old device. My old device was deactivated. This is one example of security problems associated with modern mobile phones. I will not attempt to give details here. There is no privacy when any telephone can easily be hacked at will.

This library e-mail in Austin represents identity theft within extortion and espionage and confounded roots in organized crime. I have been victim of this fraternization application within public internet for three years.

Thanks for the needed information for our personal protection. Thanks.

I understand what you mean by MAN in the middle attacker. I have been living with this for a long time. There is no privacy whatsoever as far as I can attest. My accounts have been compromised several times by using mobile telephones. I believe that the service providers are complicit in the several frauds perpetrated on my accounts. I cannot send a message, make calls (rerouted through several phones) before I can be connected. There are several functions on my phones that have been blocked. My passwords are easily changed. I have refused to sign any contract with any telephone company after my experience with 3G when I was paying £300.00 a month for a contract of £25.00. No amount of encryption can stop my server. He is an expert. He can do whatever he likes with my telephones and computers.

I always suggest to use a computer with the proper security for our students. Never, never use an app to view your credit score, bank accounts, etc!!!

I'm sorry if this sounds ridiculous, but I have to ask anyway. We got our two daughters cell phones for this past Xmas and it's got me wondering if there's any type of anti-virus software available for them. I have anti-virus software on my laptop so I'm thinking there's got to be something for the new smartphones out there.

Things are so different now compared to when we were growing up as kids. I've been hit twice since November with identity theft, so who knows what they can do over a cell phone.

Again sorry if it's a stupid question, but I had to ask. Comments?

I have a unique situation concerning identity theft. Our house was burglarized, but the thieves stole identity information over a period of time. S.S. card (obviously), bank and credit statements and finally website names and passwords. The email & passwd addresses were then ripped out of the notebook. Identity theft checkmate. Oh, Police will not respond if have pictures of items stolen. We see Police Officers really abuse power and very very lightly as in case of officers shooting someone 30+ times; in defense they are minority helping us all living a life in peace and full of hope GO FTC.GOV we have your back now and in when things are difficult for the innocent of you,

DO THINGS THE OLD FASHION WAY BY USPS OR ON YOUR HOME PHONE . NO ONE WANTS THEIR INFO ALL OVER THE INTERNET & USE A GOOD PRIVATE ACCOUNT TO DO YOUR TAXES . I USE THE ACCOUNTANT THAT DOES THE LACKAWANNA COUNTY TAXES , & HE IS SO MUCH CHEAPER TO USE THAN H&R BLOCK . VERY SAFE .
