
How secure is that mobile app?


A long time ago, in a galaxy far, far away, people used phones primarily to call each other. Strange, huh?

Today, in this galaxy, many of us depend on our phones to take care of everyday tasks like waking up on time, keeping track of our calories, and sharing photos and updates. Need movie tickets? Tap, tap, and done. Want to track your credit history and get free credit scores? Yep, you can do that, too.

Unfortunately, according to the FTC, apps don’t always secure the information they send and receive, and that could lead to serious problems for users. Two companies the FTC is focusing on today: Fandango and Credit Karma. The FTC says these popular services didn’t properly secure information sent through their apps — including credit card numbers (Fandango) and Social Security numbers (Credit Karma).

Neither company validated security certificates to make sure the app was sending the information to the right place. That left users vulnerable to “man in the middle attacks.” An attacker could trick the app into letting him access communications between the app and the online service. Neither the person using the app nor the online service would know the attacker was there.

[Image: diagram of a man-in-the-middle attack]

An app that does not validate its security certificate leaves users vulnerable to “man in the middle” attacks.
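One way to look for the flaw described above in an app's own source, as an added example that is not part of the FTC post: a small Python scanner that flags common ways client code turns off TLS certificate or hostname validation. The pattern list is illustrative rather than complete, and the sample snippets and the host api.example.invalid are constructed for the demonstration.

```python
import re

# Source patterns that switch off TLS certificate or hostname validation.
# Real API names; the selection is illustrative, not exhaustive.
RISKY_PATTERNS = {
    "requests verify=False": re.compile(r"\bverify\s*=\s*False\b"),
    "ssl CERT_NONE": re.compile(r"\bCERT_NONE\b"),
    "ssl check_hostname off": re.compile(r"\bcheck_hostname\s*=\s*False\b"),
    "ssl unverified context": re.compile(r"\b_create_unverified_context\b"),
    "allow-all hostname verifier": re.compile(
        r"\bALLOW_ALL_HOSTNAME_VERIFIER\b|\bAllowAllHostnameVerifier\b"),
    # A trust manager whose server check has an empty body accepts any certificate.
    "empty checkServerTrusted": re.compile(
        r"checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+)?\{\s*\}"),
    "AFNetworking allowInvalidCertificates": re.compile(
        r"\ballowInvalidCertificates\s*=\s*(?:YES|true)\b"),
}

def find_disabled_validation(source):
    """Return sorted (line_number, finding) pairs for every risky pattern hit."""
    findings = []
    for name, pattern in RISKY_PATTERNS.items():
        for match in pattern.finditer(source):
            line = source.count("\n", 0, match.start()) + 1
            findings.append((line, name))
    return sorted(findings)

# Constructed samples; api.example.invalid is a placeholder host.
SAMPLE_PYTHON_WEAK = '''\
import requests
def send_card(number):
    # any server certificate is accepted here
    return requests.post("https://api.example.invalid/pay",
                         data={"n": number}, verify=False)
'''
SAMPLE_JAVA_WEAK = '''\
public void checkServerTrusted(X509Certificate[] chain, String authType) { }
factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
'''
SAMPLE_PYTHON_OK = '''\
import requests
def send_card(number):
    return requests.post("https://api.example.invalid/pay", data={"n": number})
'''

if __name__ == "__main__":
    for sample in (SAMPLE_PYTHON_WEAK, SAMPLE_JAVA_WEAK, SAMPLE_PYTHON_OK):
        print(find_disabled_validation(sample))
```

A hit is a lead for code review, not proof of a flaw, and a clean result does not show that the app validates certificates correctly.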

Research suggests that many apps don’t encrypt information properly. So, if you plan to use a mobile app to conduct sensitive transactions — like filing your taxes, shopping with a credit card, or accessing your bank account — use a secure network. That way, even if the app doesn’t encrypt the information, the network does.

Keep in mind that most public Wi-Fi networks aren’t secure. If a hotspot doesn’t require a WPA or WPA2 password, it’s probably not secure. You might want to change the settings on your mobile device so that it doesn’t connect automatically to nearby Wi-Fi.

Finally, if you haven’t already, take steps to secure your home wireless network.


What is the recommendation with these sites, Credit Karma for example, should we cancel the online accounts with them?
Diana A

Hi, Diana, the FTC's complaint alleges security problems only with the mobile apps -- not the online services. And going forward, both companies are required to establish comprehensive security programs and to undergo independent security assessments every other year for the next 20 years. One of the best things you can do to protect your information is request your free credit reports every year -- and check them for any accounts or charges that you don't recognize.

We tend and expect our information to be secure in these and other large web based programs, I’m surprised to hear about creditkarma, I use their service and can wait to had the service suspended. Here we are telling ourselves that we need to protect ourselves and out in the open … shame …

Is it safe to do all these things through your cell signal like 3G?

Generally, your cell phone's data network provides a much more secure connection than a public hotspot. Our updated article about using public Wi-Fi has tips and recommendations for protecting your info.

I got a message from Barclays Bank recently that someone else has registered for Barclays Mobile Banking on my old device. My old device was deactivated. This is one example of security problems associated with modern mobile phones. I will not attempt to give details here. There is no privacy when any telephone can easily be hacked at will.

This library e-mail in Austin represents identity theft within extortion and espionage and confounded roots in organized crime. I have been victim of this fraternization application within public internet for three years.

Thanks for the needed information for our personal protection. Thanks.

I understand what you mean by MAN in the middle attacker. I have been living with this for a long time. There is no privacy whatsoever as far as I can attest. My accounts have been compromised several times by using mobile telephones. I believe that the services providers are complicit in the several frauds perpetrated on my accounts. I cannot send a message, make calls (rerouted through several phones) before I can be connected. There are several functions on my phones that have been blocked. My passwords are easily changed. I have refused to sign any contract with any telephone company after my experience with 3G when I was paying £300.00 a month for a contract of £25.00. No amount of encryption can stop my server. He is an expert. He can do whatever he likes with my telephones and computers.

I always suggest to use a computer with the proper security for our students. Never, never use an app to view your credit score, bank accounts, etc!!!

I'm sorry if this sounds ridiculous, but I have to ask anyway. We got our two daughters cell phones for this past Xmas and it's got me wondering if there's any type of anti-virus software available for them. I have anti-virus software on my laptop so I'm thinking there's got to be something for the new smartphones out there.

Things are so different now compared to when we were growing up as kids. I've been hit twice since November with identity theft, so who knows what they can do over a cell phone.

Again sorry if it's a stupid question, but I had to ask. Comments?

I have a unique situation concerning Identity theft. Our house was burglarized, but the thieves stole identity information over period of time. S.S. card(obviously), bank and credit statements and finally website names and passwords. The email&passwd addresses were then ripped out of the notebook. Identity theft checkmate. Oh, Police will not respond if have pictures of items stolen. We see Police Officers really abuse power and very very lightly as in case of officers shooting someone 30+ times; in defense they are minority helping us all living a life in peace and full of hope GO FTC.GOV we have your back now and in when things are difficulty for the innocent of you,


My boyfriend and I have the same network thru Boost mobile. Of course he knows my cell number, but he is also able to see all texts incoming and outgoing. He has access to my Facebook account and can read my messenger app messages I send out thru my Facebook messenger. He also receives record of who has called my cell number and who I call from my cell phone. I'm not real tech savvy but I can't figure out how to remove his mobile cell from receiving my private usage I of my mobile cell. Can anyone tell me how to remove this action from his cell? I'd like to put a stop to this by doing some action from my mobile cell. Please...Any info would be appreciated by anyone! Thank You!

You might want to call your service provider (Boost mobile) and ask about this issue.

I have a cell phone that is rooted and I don't know what to my phone call a redirected and my websites my emails deleted my data say it's used up when it's not please help

If you're having trouble with your computer and email, read how to get rid of malware that might be installed on your computer. Contact the company that provides your phone and internet service to ask about your data usage.

I wish there was a way to tell if mobile "apps" were encrypting at all (and of course encrypting correctly)! While with a website on a PC you've got quite a lot of info you can view about whether and how a connection is encrypted, you get none of that on mobile "apps".

Like right now I'm searching for whether the Facebook app on Windows 10 and iOS are encrypted. I have no clue...the website is. You'd hope the "app" is too, but...who knows?

how can I check mobile app is secure or not??

This FTC article about understanding mobile apps has information about app security.
