The New York attorney general has settled with five major technology and financial companies, requiring each company to implement basic security on its mobile applications.
The settlements require Credit Sesame, Equifax (yes, that Equifax), Priceline, Spark Networks, and Western Union to ensure that data sent between the application and its servers is encrypted. In particular, the attorney general said their applications "could have allowed sensitive information entered by users – such as passwords, social security numbers, credit card numbers and bank account numbers – to be intercepted by hackers using simple and widespread techniques."
In other words, the mobile apps "all failed" to correctly roll out and implement HTTPS, one of the most basic security measures for any modern application.
HTTPS certificates (also known as SSL/TLS certificates) are used to encrypt data between a device, such as your phone or computer, and a website or application server, ensuring that sensitive data, such as credit card numbers or passwords, cannot be intercepted as it travels through the Internet, whether by someone on the same Wi-Fi network at the cafe or by the nearest federal intelligence agency.
These certificates are more common than ever before, not least because when they are not incredibly cheap, they are completely free, and most modern browsers these days will tell you clearly when a website is "not safe". Apps are no different, but without a green lock in your browser window, there is often little way to know for certain that your data is traveling online securely.
At least with financial, banking and dating applications, you would just assume so, wouldn't you? Wrong.
"Although each company represents to users that they have used reasonable security measures to protect their information, the companies have failed to sufficiently test whether their mobile applications have this vulnerability," the office of Attorney General Barbara Underwood said in a statement. "The settlements today require every company to implement comprehensive security programs to protect user information."
The applications were selected after wide-ranging application testing, in an attempt to find security issues before incidents occur. Underwood's office follows in the line of federal enforcement in recent years by the Federal Trade Commission, which brought action against many application makers, including Credit Karma and Fandango, for not properly implementing HTTPS certificates.
In taking action, the attorney general gets to keep closer tabs on the companies going forward to make sure they do not ignore their data security responsibilities.