As an ever-growing number of smartphone and tablet owners continue to turn to mobile apps with greater and greater frequency, many companies are feeling tremendous pressure to ramp up their mobile app development efforts. Failing to keep pace with industry trends can significantly damage a firm's standing and result in countless missed opportunities for new business.
However, it is critical that businesses do not overlook established standards for information security while pursuing these goals. As important as time-to-market is when it comes to mobile app development, a lack of security precautions will often ultimately prove far more costly than a delayed release.
As a case in point, Mondaq recently reported that the Federal Trade Commission has charged two major companies with violating the FTC Act by failing to abide by mobile app security regulations.
Data security shortcomings
The two companies in question were Fandango and Credit Karma. Fandango's iOS app allowed customers to purchase movie tickets as well as view film information, including reviews, trailers and show times. Credit Karma offered an app for both iOS and Android that enabled its customers to view their financial status.
Both companies violated the FTC Act in two ways, Mondaq reported. First, they misrepresented the level of security offered by their mobile apps. Second, the companies did not take "reasonable steps" to protect sensitive personal information as it was transmitted through the Web.
"Rather than using the default SSL encryption, Fandango and Credit Karma overrode the default validation process. In so doing, the FTC alleges that the companies exposed consumers' credit card details, email addresses and passwords to theft and abuse," Mondaq noted.
The news source reported that both Fandango and Credit Karma have settled the FTC's charges and agreed to make changes to improve their app security. Both companies agreed to develop comprehensive programs to oversee their app development processes with a specific focus on security.
Additionally, Fandango and Credit Karma will submit to an independent security assessment once every other year for the next 20 years.
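The overridden certificate validation described above is something a code review can catch before release. The following scanner is an added example, not code from the article, Mondaq, the FTC or either company; its rule list is an assumption built from widely known iOS and Android idioms, and the sample sources and file names are constructed.

```python
import re

# Well-known idioms that switch off TLS certificate or hostname validation in
# iOS and Android code. Illustrative, not exhaustive, and not taken from the
# FTC complaints, which the article does not quote at code level.
RULES = [
    ("ios-allow-any-cert", r"allowsAnyHTTPSCertificateForHost|setAllowsAnyHTTPSCertificate"),
    ("ios-lib-validation-off", r"allowInvalidCertificates\s*=\s*YES|setValidatesSecureCertificate:\s*NO"),
    ("android-allow-all-hostnames", r"ALLOW_ALL_HOSTNAME_VERIFIER|AllowAllHostnameVerifier"),
    ("android-empty-trust-manager", r"void\s+checkServerTrusted\s*\([^)]*\)[^{]*\{\s*\}"),
    ("android-verify-always-true", r"boolean\s+verify\s*\([^)]*\)\s*\{\s*return\s+true\s*;\s*\}"),
    ("android-webview-proceed", r"onReceivedSslError[^{]*\{[^}]*\.proceed\s*\(\s*\)"),
]
COMPILED = [(name, re.compile(rx)) for name, rx in RULES]

def scan(path, text):
    """Return sorted (path, line, rule) tuples for every validation override found."""
    findings = []
    for name, pat in COMPILED:
        for m in pat.finditer(text):
            findings.append((path, text.count("\n", 0, m.start()) + 1, name))
    return sorted(findings)

# Constructed sample sources: two that disable validation, one that delegates to it.
SAMPLES = {
    "TrustAll.java": """\
class TrustAll implements X509TrustManager {
  public void checkClientTrusted(X509Certificate[] c, String a) {}
  public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {}
  public X509Certificate[] getAcceptedIssuers() { return null; }
}
""",
    "Api.m": """\
ASIHTTPRequest *req = [ASIHTTPRequest requestWithURL:url];
[req setValidatesSecureCertificate:NO];
""",
    "Pinned.java": """\
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
  defaultTrustManager.checkServerTrusted(chain, authType);
}
""",
}

def scan_all(samples):
    return [f for path in sorted(samples) for f in scan(path, samples[path])]

if __name__ == "__main__":
    for path, line, rule in scan_all(SAMPLES):
        print(f"{path}:{line}: {rule}")
```

A pattern scan like this only flags the obvious overrides; a test build pointed at a server with an untrusted certificate confirms whether the app actually rejects the connection.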
A growing concern
Mondaq reported that the FTC is becoming more aggressive in its efforts to ensure companies satisfactorily secure consumer data obtained via mobile apps. Firms that fail to fully protect this information, or exaggerate the quality of their defenses, are likely to come to the FTC's attention.
"As mobile devices proliferate and companies collect a growing amount of data on consumers, it's clear that the FTC will be paying close attention," the news source concluded.
And this is not the only danger that companies face if they do not upgrade their mobile app security efforts. Even more significantly, these firms run the risk of experiencing a data breach, which could expose vast amounts of sensitive customer information. If this occurs, firms will likely face additional, greater sanctions, including hefty fines.
Furthermore, such incidents inevitably draw a tremendous amount of media attention, which will greatly tarnish the company's reputation. Consumers are becoming increasingly security-conscious, and many will be unwilling to download an app or do business with a company that has demonstrated an inability or unwillingness to effectively protect client information. It can take years for an organization to overcome this stigma.
That is why companies must embrace high-quality tools to ensure application security throughout the development process. By doing so, organizations can drastically reduce the risk that they will experience a data breach or be targeted for compliance violations.