Some of the most popular applications used by shoppers in November and December had red flags.
The 2020 holiday shopping season unsurprisingly broke prior m-commerce records, but many of the most commonly used retail apps displayed mobile commerce security red flags.
Many of the top Android retail applications showed some serious security concerns in a recent analysis.
According to a recent HelpNetSecurity report on a September 2020 analysis, the majority of the leading 50 Android retail apps had failed to apply adequate core hardening and runtime application self-protection (RASP) techniques. Those measures are meant to protect the app against copying, tampering and faked distribution by third parties. Failing to use those techniques also opens an app to exploits from competitors willing to initiate denial or technical denial of service attacks, making it difficult for shoppers to access and use the application. This vulnerability also makes it possible for rivals to form competitive third-party aggregators that chip away at a brand, harming revenue.
Virtually every app considered in the analysis failed to meet the minimum level of app hardening. This included code hardening methods such as name obfuscation, a technique that disguises identifiers within the app’s code to stop a hacker from being able to analyze the source code and reverse engineer it. Even basic encryption techniques such as asset/resource, string, and class encryption were inadequate. These techniques are what prevent hackers from obtaining access to sensitive assets and information, or the app’s internal logic.
Almost one in four apps were labeled as entirely unprotected in these mobile commerce security categories.
By operating without enough protection, retail shopping apps could be altered, or could even be replicated and recreated as “fake apps”. These fake retail applications are particularly harmful as they can collect users’ personally identifiable information (PII), including their names, addresses and other contact information, but also financial information such as credit card numbers.
As the pandemic continues to drive a surge in smartphone-based shopping, it is exceptionally important for consumers to be aware of mobile commerce security risks. At the very least, they should be watchful for signs of fake apps or legitimate applications that aren’t functioning in a trustworthy way, as the analysis suggests many retailers have not yet taken the necessary steps to provide that protection.