FTC Released a Guide for App Developers: Start with Security (May 2017)

App Developers: Start with Security

May 2017

The Federal Trade Commission (“FTC”) released a guide, App Developers: Start with Security, which offers practical guidance to app developers on keeping user data secure in a fast-changing mobile landscape. Here’s a summary of the key points:

Understanding Security Needs

  • No One-Size-Fits-All. Security needs vary significantly between apps. Simple apps may require less stringent security compared to those handling sensitive user data, like location or financial information.

  • Stay Informed. Security threats and best practices evolve quickly, so developers must remain updated on current trends and threats.

Initial Considerations

  1. Evaluate the Ecosystem. Understand the challenges and opportunities within the mobile and IoT landscape before development, and do not rush to market without adequate security measures in place.

  2. Security Responsibility. Assign at least one team member to focus on security throughout the app development process. As a developer, you are the final line of defense.

Best Practices for App Security

  • Data Minimization. Collect only the data necessary for your app’s functionality and delete it when no longer needed.

  • Platform Awareness. Familiarize yourself with the specific security features and configurations of each platform you develop for, as they can differ widely.

  • User Credentials. Generate any credentials you issue with a cryptographically secure random number generator, and never store passwords in plaintext. Protect stored passwords with a salted, deliberately slow password hash (for example bcrypt, scrypt, Argon2 or PBKDF2); a bare fast hash such as MD5 or SHA-1 can be reversed for common passwords with precomputed tables.

  • Encryption. Use transit encryption (such as HTTPS/TLS) for all sensitive data sent over networks, especially on untrusted ones like public Wi-Fi, and keep certificate validation enabled: an app that accepts any certificate gets no protection from TLS against an attacker on the same network.

  • Third-Party Code Diligence. Evaluate third-party libraries and SDKs for security vulnerabilities before integration, and keep them updated afterwards, since new vulnerabilities in dependencies are disclosed over time.

  • Device Data Protection. Consider encrypting sensitive data stored on users' devices to protect it against malware or theft, and keep the encryption key in the platform's key storage facility (the device keystore or keychain) rather than beside the data it protects.

  • Server Security. If you run your own servers, harden them and keep them patched against common web application vulnerabilities.
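The credential point above is the one most often gotten wrong in practice, so here is an added, runnable illustration (not code from the FTC guide) of the difference between the weak approach and the one the guide asks for. The work-factor settings, the record format and the function names are assumptions chosen for the example; it uses only the Python standard library so that it runs offline.

```python
"""Password storage: never plaintext, and not a bare fast hash either.

Added illustration for this summary; not code from the FTC guide.
The iteration count, salt size and record layout below are assumptions.
"""
import base64
import hashlib
import hmac
import os

# Assumed work-factor settings (illustrative; raise the iteration
# count over time as hardware gets faster).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
DKLEN = 32
SCHEME = "pbkdf2_sha256"


def weak_hash_password(password: str) -> str:
    """The approach the guide warns against in practice: an unsalted,
    fast hash. Every user with the same password gets the same digest,
    and one precomputed table of common passwords breaks them all."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, deliberately slow hash. The stored record is
    self-describing (scheme$iterations$salt$digest) so the work factor
    can be raised later without breaking records written earlier."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=DKLEN
    )
    return "$".join([
        SCHEME,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def _parse(stored: str):
    """Return (iterations, salt, digest) or None if the record is malformed."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != SCHEME:
        return None
    try:
        iterations = int(parts[1])
        salt = base64.b64decode(parts[2])
        digest = base64.b64decode(parts[3])
    except ValueError:  # covers binascii.Error from b64decode as well
        return None
    if iterations <= 0 or not salt or not digest:
        return None
    return iterations, salt, digest


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the record's own parameters and compare
    in constant time, so response timing does not leak how many bytes
    of the digest matched."""
    parsed = _parse(stored)
    if parsed is None:
        return False
    iterations, salt, expected = parsed
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=len(expected)
    )
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True when a record uses an older (weaker) setting than the current
    one; call this after a successful login and re-hash the password."""
    parsed = _parse(stored)
    return parsed is None or parsed[0] < iterations


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong password", record))                # False
    # Same password, two users: the weak scheme gives identical digests,
    # the salted scheme does not.
    print(weak_hash_password("hunter2") == weak_hash_password("hunter2"))  # True
    print(hash_password("hunter2") == hash_password("hunter2"))            # False
```

The `needs_rehash` check is what lets the iteration count grow with hardware: verify with whatever parameters the record carries, then replace the record at the next successful login. A library purpose-built for this (Argon2id, bcrypt or scrypt bindings) is preferable where the platform provides one; PBKDF2 is used here only because it ships with the standard library.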

Ongoing Security Awareness

  • Post-Release Vigilance. Security doesn’t end at launch. Stay informed about new vulnerabilities and be prepared to release updates as needed.

  • User Engagement. Give users and security researchers a clear channel for reporting security problems, and act on those reports promptly so issues are identified and fixed quickly.

Compliance with Regulations

  • Special Data Considerations. If your app handles sensitive data (like health, financial, or children’s data), ensure compliance with relevant regulations and standards.

This guidance emphasizes that security is an ongoing responsibility for app developers, from initial design to post-launch updates, and highlights the importance of proactive measures to protect user data.


For more information, see here: https://www.ftc.gov/tips-advice/business-center/guidance/app-developers-start-security


These materials were obtained directly from the Federal Government public websites and are posted here for your review and reference only.  No Claim to Original U.S. Government Works.  These may not be the most recent versions.  The U.S. Government may have more current information.  We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to.  Please check the linked sources directly.
