How secure is that mobile app?
A long time ago, in a galaxy far, far away, people used phones primarily to call each other. Strange, huh?
Today, in this galaxy, many of us depend on our phones to take care of everyday tasks like waking up on time, keeping track of our calories, and sharing photos and updates. Need movie tickets? Tap, tap, and done. Want to track your credit history and get free credit scores? Yep, you can do that, too.
Unfortunately, according to the FTC, apps don’t always secure the information they send and receive, and that could lead to serious problems for users. Two companies the FTC is focusing on today: Fandango and Credit Karma. The FTC says these popular services didn’t properly secure information sent through their apps — including credit card numbers (Fandango) and Social Security numbers (Credit Karma).
Neither company's app validated security certificates to make sure it was sending the information to the right place. That left users vulnerable to “man-in-the-middle” attacks: an attacker could trick the app into letting him access communications between the app and the online service. Neither the person using the app nor the online service would know the attacker was there.
An app that does not validate its security certificate leaves users vulnerable to “man in the middle” attacks.
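For developers, here is what the certificate check looks like in code. This is an added illustration in Python, not code from either company's app; the function names are made up for the example. It sets a client that validates certificates beside two that don't, with a small check that flags the weak ones.

```python
import socket
import ssl


def strict_context():
    """Default client settings: verify the certificate chain and the hostname."""
    return ssl.create_default_context()


def chain_only_context():
    """Weak: a valid certificate issued for any site is accepted for this one."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def no_validation_context():
    """Weak: no certificate validation at all, the failure described above."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means validation is enforced."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    return findings


def open_verified(host, port=443, timeout=5.0):
    """Connect with validation on; a bad or mismatched certificate raises
    ssl.SSLCertVerificationError instead of silently connecting."""
    ctx = strict_context()
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        return ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
```
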
Research suggests that many apps don’t encrypt information properly. So, if you plan to use a mobile app to conduct sensitive transactions — like filing your taxes, shopping with a credit card, or accessing your bank account — use a secure network. That way, even if the app doesn’t encrypt the information, the network does.
Keep in mind that most public Wi-Fi networks aren’t secure. If a hotspot doesn’t require a WPA or WPA2 password, it’s probably not secure. You might want to change the settings on your mobile device so that it doesn’t connect automatically to nearby Wi-Fi.
Finally, if you haven’t already, take steps to secure your home wireless network.