Following a public comment period, the Federal Trade Commission has approved a final order settling charges that HTC America Inc. failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk.
The settlement with HTC America, announced by the FTC in February 2013, requires the company to develop and release software patches to fix vulnerabilities in millions of the company’s devices. The company is also required to establish a comprehensive security program designed to address security risks during the development of HTC devices and to undergo independent security assessments every other year for the next 20 years.
In addition, the settlement prohibits HTC America from making any false or misleading statements about the security and privacy of consumers’ data on HTC devices. Violations of the consent order may be subject to civil penalties of up to $16,000 per violation.
The Commission vote approving the final order and letters to members of the public who commented on it was 3-0-1, with Commissioner Ohlhausen recused. (FTC File No. 122-3049; the staff contact is Nithan Sannappa, Bureau of Consumer Protection, 202-326-3185.)