FTC Seeks Further Comments on the State of Mobile Security

Following last June’s forum on mobile security, the Federal Trade Commission (“FTC”) again seeks to draw public attention to security issues in the mobile space. The FTC is soliciting comments from the public on a number of complex security issues discussed at the forum, including current privacy and data security risks in the mobile ecosystem, and the role mobile platform providers, telecommunications companies, third-party developers, and other industry members can play to mitigate mobile threats and to protect consumer privacy and security. The comments will expand the FTC record on these issues and will be considered in the drafting of an agency report.

The FTC invites comments on four topics, stated in brief below and addressed more fully here.

  • Secure platform design. The FTC seeks comments on how platforms create robust development environments while limiting the potential for abuse by third-party applications. The agency also is interested in the effectiveness of particular design approaches in protecting consumer privacy and security.
  • Secure distribution channels. The FTC has asked what role platforms should play in creating secure distribution channels, such as app stores, for mobile applications. Further, the agency seeks comments on the scalability of application review and testing and the techniques – and alternative approaches - that have proven effective in detecting malicious applications.
  • Secure development practices. The FTC invites comments on the resources available for third-party developers interested in secure application development and the extent to which the developer community has availed themselves of these resources. On this issue, the FTC has asked whether consumers have enough information to assess the security of an application and whether app security can be made more transparent to consumers.
  • Security lifecycle and updates. Finally, the FTC seeks comments on the security lifecycle of a mobile device, in particular, whether companies distinguish between a mobile device’s general product lifecycle and its security lifecycle. What are consumer expectations with respect to the security lifecycle of their mobile devices and do consumers have the appropriate information to factor security into their device purchasing decision? To this end, the FTC seeks comments on the challenges in creating, testing, and distributing security updates to end-users.
Industry input is strongly encouraged. Comments must be received by May 30, 2014.

Please contact Alysa Hutnik with questions related to this post.