Study: Retail apps show alarming security issues

A surprisingly high percentage of retail and e-commerce apps may be putting customer data at risk.

According to a new study of 250 Android apps from mobile testing automation technology provider NowSecure, nearly three in four apps across industries, as well as 82% of retail and 92% of online retail apps, leak sensitive customer data. This includes customer name, user name, email, phone number, geolocation, account numbers, device ID, and device serial number.

One possible reason for the high percentage of retail and online retail apps that leak customers’ personally identifiable information (PII) may be the relative lack of regulation regarding handling of data in the retail industry. Only 50% of tested apps from financial and insurance companies, which face strict regulation of how customer data is managed, showed security issues.

NowSecure advises retailers to ensure app developers follow best practices for building secure mobile apps and to close any gaps they find. Consumers are advised to halt the use of any apps that do not properly safeguard their private information.

NowSecure conducted a study of 250 popular, publicly available Android mobile apps downloaded from the Google Play store. Analysis focused on leakage of unencrypted personal information stored on the mobile device and transmitted over the network, as well as potential exposure to phishing attacks.