Fandango, Credit Karma settle with FTC over app security flaws
Movie ticket company Fandango and credit monitoring company Credit Karma settled with the Federal Trade Commission (FTC) over their apps’ security measures.
The companies claimed to securely collect and transmit users’ information but disabled a default security mechanism that protects users’ information as it travels over the Internet, according to the FTC.
Fandango did not use Secure Sockets Layer (SSL) encryption to protect the payment information of users buying movie tickets on Apple devices, while Credit Karma did not use SSL encryption to protect users’ information on both Apple and Android devices, the agency said.
By failing to use the SSL encryption, “the companies’ applications were vulnerable to ‘man-in-the-middle’ attacks, which would allow an attacker to intercept any of the information the apps sent or received,” the agency said.
According to the announcement of the settlements, both companies “could have easily” prevented the security gap by performing basic tests on their apps.
“Research suggests that many companies, like Fandango and Credit Karma, have failed to properly implement SSL encryption,” FTC Chairwoman Edith Ramirez said in a statement.
“Our cases against Fandango and Credit Karma should remind app developers of the need to make data security central to how they design their apps,” she said.
Under the settlements with the mobile app companies, Fandango and Credit Karma must improve their apps’ security measures and undergo annual independent reviews of the apps’ security for the next 20 years. Additionally, the companies are prohibited from misrepresenting their security and privacy practices.