Maria Montero

Equifax, Western Union, Priceline agree with the prosecutor …

The New York attorney general has settled with five financial and tech giants, requiring each company to implement basic security in its mobile apps.

The agreements oblige Credit Sesame, Equifax (yes, that’s Equifax), Priceline, Spark Networks, and Western Union to ensure that data sent between the app and its servers is encrypted. Specifically, the attorney general said that the apps “could have allowed confidential information entered by users, such as passwords, social security numbers, credit card numbers, and bank account numbers, to be intercepted by intruders employing simple, well-publicized techniques.”

In other words, their mobile applications “all failed” to properly implement HTTPS, one of the bare-minimum security measures for any modern application.

HTTPS certificates (also known as SSL/TLS certificates) are used to encrypt data between a device, such as your phone or computer, and a website or application server, ensuring that confidential data, such as credit card numbers or passwords, cannot be intercepted while traveling over the Internet, whether by someone on the same coffee-shop Wi-Fi network or by your nearest federal intelligence agency.

These certificates are more common than ever, especially since when they aren’t incredibly cheap, they’re completely free, and most modern browsers will tell you bluntly when a website isn’t secure. Apps are no different, but without the green lock of a browser window, there is often very little way to know for sure that your data is traversing the internet safely.

At least with financial, banking, and dating apps, you’d just assume so, right? Bzzt, wrong.

“Although each company represented to users that it used reasonable security measures to protect their information, the companies did not sufficiently test whether their mobile applications had this vulnerability,” Attorney General Barbara Underwood’s office said in a statement. “Today’s agreements require each company to implement comprehensive security programs to protect user information.”

The applications were selected after an extensive batch of application tests, in an effort to find security issues before incidents occurred. Underwood’s office follows in the footsteps of federal enforcement in recent years by the Federal Trade Commission, which took action against several app creators, including Credit Karma and Fandango, for failing to properly implement HTTPS certificates.

By taking action, the attorney general has the opportunity to closely monitor companies to ensure that they are not breaching their data security responsibilities.