How secure is that mobile app?

A long time ago, in a galaxy far, far away, people used phones primarily to call each other. Strange, huh?

Today, in this galaxy, many of us depend on our phones to take care of everyday tasks like waking up on time, keeping track of our calories, and sharing photos and updates. Need movie tickets? Tap, tap, and done. Want to track your credit history and get free credit scores? Yep, you can do that, too.

Unfortunately, according to the FTC, apps don’t always secure the information they send and receive, and that could lead to serious problems for users. Two companies the FTC is focusing on today: Fandango and Credit Karma. The FTC says these popular services didn’t properly secure information sent through their apps — including credit card numbers (Fandango) and Social Security numbers (Credit Karma).

Neither company validated security certificates to make sure the app was sending the information to the right place. That left users vulnerable to “man in the middle attacks.” An attacker could trick the app into letting him access communications between the app and the online service. Neither the person using the app nor the online service would know the attacker was there.

diagram of a man in the middle attack

An app that does not validate its security certificate leaves users vulnerable to “man in the middle” attacks.

Research suggests that many apps don’t encrypt information properly. So, if you plan to use a mobile app to conduct sensitive transactions — like filing your taxes, shopping with a credit card, or accessing your bank account — use a secure network. That way, even if the app doesn’t encrypt the information, the network does.

Keep in mind that most public Wi-Fi networks aren’t secure. If a hotspot doesn’t require a WPA or WPA2 password, it’s probably not secure. You might want to change the settings on your mobile device so that it doesn’t connect automatically to nearby Wi-Fi.

Finally, if you haven’t already, take steps to secure your home wireless network

Blog Topic: Be Smart Online


It happened to me . Had someone set up first I Phone& they imputed their own personnel info. What a mess . Now only. Company does that.

Can one be confident that all apps offered by ITunes , the apple app store have validated security cents. And are secure!?

These two apps were available through the Apple app store, and were not secure. It's difficult for a user to know that a mobile app is secure -- that's why it's a bad idea to send personal information through an app when connected to unsecured Wi-Fi.

I only have my phone no home computer what do i do they have hacked my internet and ruined my life an the police do not care

I really need help 3 months of hell i am hacked they controll every aspect of my life at this point and have me cut of from the world no friends cant even go to places i used to enjoy im lucky they r letting me type at this time i only have my smart phone i left tmoble after wipeing my new expieria 3× changing # an email and swiching phone i bought a diferent phone at another comp. Same thing the only perso that still talks to me is my mother the police exuse me r good for nothing they want to yell at me that i am just upset an need to learn how to send a email ok wish they would look or try rather than talk to the peopl who i belive r doing this to me what do i do. Help.

Same body hack my adrres

Absolutely right advice you have provided. Yes, we should always use apps which are secure. Vulnerability check is must for apps we use. I found good info on this website. I've also found a good apps for pc resources You should check it.

My name is Teresa Bussey TTEE beneficiary fiduciary capicity and I need assistance with access my accounts online with my new Samsung galaxy device and I also need to use it for my Hp all income LaserJet printer and Iam required flash player for results on certain banking sites as well as credit cards authority thank you Teresa Bussey TTEE beneficiary fiduciary capicity

Leave a Comment

Comment Policy

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.