How Secure Are Shopping Apps?
Retailers are encouraging shoppers to download their smartphone apps with the promise of extra savings, convenience and other benefits. But do those benefits outweigh the potential privacy and security hazards? Let's take a look… |
Are Shopping Apps Safe?
Walmart's shopping app will help you get refunds if the product you buy is available for a lower price somewhere else. The Home Depot app will provide detailed product info when you scan a barcode. Walgreens has an app to keep track of your prescriptions. Target's app lets you view their latest deals, make a shopping list, or create a gift registry.
But ten days before Christmas, the self-styled “Security Warriors” at Avast revealed that Target Corp. had a serious vulnerability in its shopping app: the gift registries that shoppers stored on Target’s servers could easily be downloaded by modestly skilled hackers.
The tech press jumped all over this “leak” even though there is no evidence that anyone other than Avast’s presumably benevolent “Warriors” exploited the vulnerability. Target has disabled the gift registries portion of its app until the hole can be plugged.
This Target blunder is a one-day wonder of little consequence; no critical personal data was exposed. But it does raise the question, “How secure are the many shopping apps out there?” Which leads to the question, “Secure from whom?”
Avast hasn’t completed its analysis of shopping apps from Home Depot, J.C. Penney, Target, Macy’s, Safeway, Walgreens and Walmart. But it did find that all of these apps, to varying degrees, demand permission to snoop on users. So even if these apps aren't vulnerable to hackers lurking in cyberspace, you’re not necessarily secure from the retailer who provides it.
Walgreens’ app was the most aggressive in demanding permissions that don’t seem necessary to its functions. It wants to run at startup, change your audio settings, pair with Bluetooth devices, and control your flashlight. (Of course! How else will you read the small print on that prescription bottle in the dark, while listening to soothing music on your wireless speaker?) Home Depot’s app was nearly as greedy about permissions, according to Avast.
I’ve written about app permissions in the past; see, Is Your Flashlight Spying On You? The key to limiting your exposure is to ask “Does the app need this permission to do what I want it to do?” If the answer is “no,” deny it, or don't install the app.
Picking and Choosing
The now-defunct Syms clothing store had a motto I really liked: "An educated consumer is our best customer!" Unfortunately, all but the latest version of Android (currently version 6.0, also known as Marshmallow) force you to grant ALL or NONE of the permissions that an app requests before the app is even installed! It’s much more difficult to review an app’s permissions after it’s installed and disable the ones you don’t think you’re going to need.
Starting with Marshmallow, Android will treat apps as Apple iOS does: the first time an app needs a specific permission, it asks the user if he/she wants to grant it. Then you have the context in which the app wants to use that permission, and can make a better decision.
But deciding which permissions to grant or deny isn't always easy. For example, it may not be obvious why an app wants to use your phone’s camera until you try to scan a barcode to compare an item’s price across several merchants.
I look forward to Avast’s completion of its shopping apps analysis, which will hopefully reveal how vulnerable the tested shopping apps are to hackers and malware. For now, my advice is to treat every shopping app with caution. As Target has demonstrated, twice, retailers are very concerned about getting data about you and not very concerned about protecting it.
Your thoughts on this topic are welcome. Post your comment or question below...
|
|
This article was posted by Bob Rankin on 5 Jan 2016
For Fun: Buy Bob a Snickers. |
Prev Article: This Antivirus Plugin Makes You LESS Secure |
The Top Twenty |
Next Article: Geekly Update - 06 January 2016 |
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- How Secure Are Shopping Apps? (Posted: 5 Jan 2016)
Source: https://askbobrankin.com/how_secure_are_shopping_apps.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "How Secure Are Shopping Apps?"
Posted by:
Joan Buddecke
05 Jan 2016
Walmart App... found out the price comparison they now do is now limited to advertised items for other stores only. Has resulted in $0.00 for the past several months when before then, I received anywhere from a few cents to over $2 per receipt.
May be removing the app.
Posted by:
Sharon H
05 Jan 2016
Be aware that hacked Wal-Mart Savings Catcher accounts apparently are common. Mine was hacked twice in four months.Do not store a credit card with them as it is linked with your WalMart account. I know because the hacker ordered a tv from my account.
Posted by:
Robert A
05 Jan 2016
Joan Buddecke: Walmart always claims to have the lowest prices, so, according to its app, they do have the lowest price. The truth is most manufacturers charge most major retailers the same wholesale price on the same piece of merchandise. Walmart, along with Amazon, with their vast size and purchasing power, have been able to squeeze out many dollars from their retailing costs, by improving cost efficiencies, which they pass on to their customers. Also, Walmart is ruthless in dealing with its suppliers in trying to get favorable price concessions, or payment terms, even up to the threat of refusing to sell a particular vendor's merchandise unless it is granted a lower wholesale price. So, most other retailers follow Walmart and Amazon's lead and price their merchandise at around the same price, in order not to lose business to those two leaders.
Also, many higher-end manufacturers have a clause in their contracts with major retailers that limits the retailer, even Amazon, from advertising and selling its products below a minimum approved price approved by the manufacturer. That's why one will see, for example, Kitchen Aid stand mixers, Dyson vacuum cleaners, and many high-end Sony, Samsung, LG, Bose and Beats By Dr. Dre electronic products at about the same price (within a dollar, if not pennies), at most retailers, all the time. Of course, retailers will attempt to get around these manufacturers' policies by occasionally offering, say, $10 to $200 gift cards, or some substantial free merchandise, to effectively lower the price of the main item for sale.
The bottom line is Walmart and Amazon effectively set the defacto pricing, for products they sell, for other retailers. It's probably not worth the time to shop at more than six or seven websites (Amazon, Walmart, Target, Best Buy, Sears, Overstock and Wayfair) for common, popular items, as they will likely be sold for nearly the same price. It's more important to consider in-stock availability, fulfillment time and cost of shipping, to calculate the best possible price.
Posted by:
SamG
06 Jan 2016
Yesterday we were at Target and I was looking for a pair of pajama bottoms. For cheap. It's Winter and I wanted a pair long enough and of thick material. Target had a pair of non-fleece Mobissmo's just full of Christmas logo. Got to be on clearance, right? No price, so I scanned and found they were $30! Could have used Walmart's app there. No purchase. Thanks for your reports Bob and I wish you a Happy and Prosperous New Year. One more thing, are BANK apps safe? On my Windows phone that is tied to AT&T I have Wells Fargo app installed.
Posted by:
MmeMoxie
06 Jan 2016
Bob, thank you, thank you for this very informative article!
When I got my new Smartphone, last Aug., I lost a couple of mobile apps, that I really loved using. I just couldn't remember their names. This article, with your link to a past article, gave me my apps back!!!
I was able to install Privacy Flashlight and My Permissions apps, onto my new Smartphone!!! I loved both of these apps and now, I feel "normal", whatever that is. LOL
I use the Walmart app, for when I order something online and want to pick it up, from the store. I only have to show my phone and it is good to go. Love that it is that simple. I don't use the app, for anything else. I get emails from them, on my computer.
I tried to use Privacy App, but, found it very time consuming and a bit confusing. Now, My Permissions is an easy app to set up and it works. It gives me the same info, as Privacy App, but, giving permission or not is much easier to use.
Again, another great article helping us to keep on top of things!!! :)
Posted by:
Harry Wilkinson
14 Jan 2016
Bob, I have been reading your contributions for many years (decades?) I want to express my sincere thanks for so many warnings and much useful information.
Currently I am experiencing very slow start ups when I first turn on my computer. Is there a simple way of finding and then deleting unwanted start up programs?
EDITOR'S NOTE: This should help:
http://askbobrankin.com/speed_up_your_startup.html
http://askbobrankin.com/speed_up_windows_7.html