How Secure Are Shopping Apps?
Retailers are encouraging shoppers to download their smartphone apps with the promise of extra savings, convenience and other benefits. But do those benefits outweigh the potential privacy and security hazards? Let's take a look…
Are Shopping Apps Safe?
Walmart's shopping app will help you get refunds if the product you buy is available for a lower price somewhere else. The Home Depot app will provide detailed product info when you scan a barcode. Walgreens has an app to keep track of your prescriptions. Target's app lets you view their latest deals, make a shopping list, or create a gift registry.
But ten days before Christmas, the self-styled “Security Warriors” at Avast revealed that Target Corp. had a serious vulnerability in its shopping app: the gift registries that shoppers stored on Target’s servers could easily be downloaded by modestly skilled hackers.
The tech press jumped all over this “leak” even though there is no evidence that anyone other than Avast’s presumably benevolent “Warriors” exploited the vulnerability. Target has disabled the gift registries portion of its app until the hole can be plugged.
This Target blunder is a one-day wonder of little consequence; no critical personal data was exposed. But it does raise the question, “How secure are the many shopping apps out there?” Which leads to the question, “Secure from whom?”
Avast hasn’t completed its analysis of shopping apps from Home Depot, J.C. Penney, Target, Macy’s, Safeway, Walgreens and Walmart. But it did find that all of these apps, to varying degrees, demand permission to snoop on users. So even if these apps aren't vulnerable to hackers lurking in cyberspace, you’re not necessarily secure from the retailer who provides it.
Walgreens’ app was the most aggressive in demanding permissions that don’t seem necessary to its functions. It wants to run at startup, change your audio settings, pair with Bluetooth devices, and control your flashlight. (Of course! How else will you read the small print on that prescription bottle in the dark, while listening to soothing music on your wireless speaker?) Home Depot’s app was nearly as greedy about permissions, according to Avast.
I’ve written about app permissions in the past; see, Is Your Flashlight Spying On You? The key to limiting your exposure is to ask “Does the app need this permission to do what I want it to do?” If the answer is “no,” deny it, or don't install the app.
Picking and Choosing
The now-defunct Syms clothing store had a motto I really liked: "An educated consumer is our best customer!" Unfortunately, all but the latest version of Android (currently version 6.0, also known as Marshmallow) force you to grant ALL or NONE of the permissions that an app requests before the app is even installed! It’s much more difficult to review an app’s permissions after it’s installed and disable the ones you don’t think you’re going to need.
Starting with Marshmallow, Android will treat apps as Apple iOS does: the first time an app needs a specific permission, it asks the user if he/she wants to grant it. Then you have the context in which the app wants to use that permission, and can make a better decision.
But deciding which permissions to grant or deny isn't always easy. For example, it may not be obvious why an app wants to use your phone’s camera until you try to scan a barcode to compare an item’s price across several merchants.
I look forward to Avast’s completion of its shopping apps analysis, which will hopefully reveal how vulnerable the tested shopping apps are to hackers and malware. For now, my advice is to treat every shopping app with caution. As Target has demonstrated, twice, retailers are very concerned about getting data about you and not very concerned about protecting it.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 5 Jan 2016
|For Fun: Buy Bob a Snickers.|
This Antivirus Plugin Makes You LESS Secure
The Top Twenty
Geekly Update - 06 January 2016
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- How Secure Are Shopping Apps? (Posted: 5 Jan 2016)
Copyright © 2005 - Bob Rankin - All Rights Reserved