You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

Fandago and Credit Karma Settle FTC Charges for Weak App Security

Two companies have settled Federal Trade Commission charges that they misrepresented the security of their mobile apps. Fandango and Credit Karma failed to enable SSL encryption, leaving user data vulnerable on mobile apps. "Our cases against Fandango and Credit Karma should remind app developers of the need to make data security central to how they design their apps," FTC Chairwoman Edith Ramirez said in a statement. The settlements require the companies to establish data security programs, and to undergo security assessments by the Commission for the next 20 years. EPIC recently brought a complaint to the FTC concerning, a company that failed to establish adequate security safeguards. Not long after the complaint from EPIC, the company implemented SSL. EPIC had earlier recommended that the Commission require encryption for all cloud-based services. For more information, see EPIC: Federal Trade Commission, and EPIC: EPIC Online Guide to Practical Privacy Tools.

« Federal Courts Law Review Symposium | Main | President Obama Renews Unlawful, Ineffective Surveillance Authority »

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security