Mobile app regulations are coming into focus as developers launch more than 1,000 new mobile apps every day. Most of these apps leverage substantial personal data: name, contact information, passwords, credit card numbers, geo-targeted locations, photographs, social media contacts, etc.
That’s a lot of sensitive information out there in cyberspace. In an attempt to increase cybersecurity in this age of data breaches, the FTC (Federal Trade Commission) issued new mobile app security guidelines in May 2017.
New FTC Compliance Guide
The FTC brochure covers the basics, like:
- Don’t collect or keep data you don’t need
- Don’t store passwords in plain text
- Use encryption whenever you transmit sensitive information like usernames or API keys
- App developers can code quickly with the support of powerful software development kits (SDKs). However, a rush to release may result in dangerous security oversights.
- Popular app stores can introduce apps to millions of users and can lead to overnight popularity. But the bigger the user base and the more sensitive the information, the greater the need for strong security. Is your app ready?
- Ready-made software libraries and cross-platform toolkits can provide a head start in the development process. However, as a developer, you are your app’s last line of defense, determining what goes in it and how it performs.
- Mobile and Internet-connected devices offer an array of exciting technologies. GPS receivers, cameras, and sensors let you create a unique experience for users. But threats — like loss, theft, and users who rely on unsecured Wi-Fi networks — raise the security stakes. Balance these features and risks to protect users’ personal information and your own business reputation.”
Mobile App Legal Compliance: Implementation Plan
Regulatory agencies typically provide an overarching program goal with tips on how to achieve that goal. For example, the new FTC compliance guide advises developers to “Anticipate and prevent security issues” and includes a list of suggestions. However, the guidelines don’t provide a clear and comprehensive implementation plan. App developers are responsible for creating an effective implementation plan without exact direction.
Please don’t hesitate to reach out for a regulatory compliance check-up on your mobile app product design, including cybersecurity features.
InnReg is a team of over 30 Regulatory Compliance and Innovation Consulting experts helping fintechs succeed in highly regulated markets since 2013. InnReg specializes in mitigating regulatory risk while helping clients launch and grow innovative fintech products and services.