Developers launch more than 1,000 new mobile apps every day, and most of these apps leverage substantial personal data: name, contact information, passwords, credit card numbers, geo-targeted locations, photographs, social media contacts, etc. That’s a lot of sensitive information out there in cyberspace. In an attempt to increase cyber security in this age of data breaches, the FTC (Federal Trade Commission) issued new mobile app security guidelines in May 2017.
The complete text is in the FTC brochure App Developers: Start With Security.
This FTC brochure covers the basics, like:
- Don’t collect or keep data you don’t need
- Don’t store passwords in plain text
- Use encryption whenever you transmit sensitive information like usernames or API keys
It also provides guidance on product development practices, like:
- Start with the end in mind
- Evaluate the entire ecosystem for potential security gaps (Internet, mobile platform, servers, GPS receivers, cameras, sensors, social media accounts, etc.)
- Monitor and maintain security over the life of your mobile app, not just at launch
- Assign a manager to own cyber security
Regulatory agencies typically provide an overarching program goal with tips on how to achieve that goal. For example, the new FTC guidelines advise developers to “Anticipate and prevent security issues,” and they include a list of suggestions. However, the guidelines don’t provide a clear and comprehensive implementation plan. App developers are left to create an effective implementation plan without exact direction.
Please don’t hesitate to reach out for a regulatory compliance check-up on your mobile app product design, including cybersecurity features.
We’re looking forward to your comments regarding these new FTC mobile app security guidelines.