FTC granted final approval of settlements with Fandango and Credit Karma on charges that they failed to secure the transmission of millions of consumers’ sensitive personal information from their mobile apps. The FTC alleged the companies failed to take reasonable steps to secure their mobile applications. The settlements require the two companies to establish comprehensive security programs designed to address security risks during the development of their applications and to undergo independent security assessments every other year for the next 20 years. The agency’s complaints charged that the companies disabled a critical default process, known as SSL certificate validation, which would have verified that the apps’ communications were secure.”]
Source: https://www.cuinfosecurity.com/fandango-credit-karma-settlements-okd-a-7212