How Secure Are Shopping Apps?

Category: Mobile , Shopping

Retailers are encouraging shoppers to download their smartphone apps with the promise of extra savings, convenience and other benefits. But do those benefits outweigh the potential privacy and security hazards? Let's take a look…

Are Shopping Apps Safe?

Walmart's shopping app will help you get refunds if the product you buy is available for a lower price somewhere else. The Home Depot app will provide detailed product info when you scan a barcode. Walgreens has an app to keep track of your prescriptions. Target's app lets you view their latest deals, make a shopping list, or create a gift registry.

But ten days before Christmas, the self-styled “Security Warriors” at Avast revealed that Target Corp. had a serious vulnerability in its shopping app: the gift registries that shoppers stored on Target’s servers could easily be downloaded by modestly skilled hackers.

The tech press jumped all over this “leak” even though there is no evidence that anyone other than Avast’s presumably benevolent “Warriors” exploited the vulnerability. Target has disabled the gift registries portion of its app until the hole can be plugged.

This Target blunder is a one-day wonder of little consequence; no critical personal data was exposed. But it does raise the question, “How secure are the many shopping apps out there?” Which leads to the question, “Secure from whom?”

Security and Smartphone Shopping Apps

Avast hasn’t completed its analysis of shopping apps from Home Depot, J.C. Penney, Target, Macy’s, Safeway, Walgreens and Walmart. But it did find that all of these apps, to varying degrees, demand permission to snoop on users. So even if these apps aren't vulnerable to hackers lurking in cyberspace, you’re not necessarily secure from the retailer who provides it.

Walgreens’ app was the most aggressive in demanding permissions that don’t seem necessary to its functions. It wants to run at startup, change your audio settings, pair with Bluetooth devices, and control your flashlight. (Of course! How else will you read the small print on that prescription bottle in the dark, while listening to soothing music on your wireless speaker?) Home Depot’s app was nearly as greedy about permissions, according to Avast.

To be fair, there's no evidence any of these apps are misuing your personal information. In fact, the Avast report mentioned that when compared to some other apps, the shopping apps typically asked for fewer permissions.

I’ve written about app permissions in the past; see, Is Your Flashlight Spying On You? The key to limiting your exposure is to ask “Does the app need this permission to do what I want it to do?” If the answer is “no,” deny it, or don't install the app.

Picking and Choosing

The now-defunct Syms clothing store had a motto I really liked: "An educated consumer is our best customer!" Unfortunately, all but the latest version of Android (currently version 6.0, also known as Marshmallow) force you to grant ALL or NONE of the permissions that an app requests before the app is even installed! It’s much more difficult to review an app’s permissions after it’s installed and disable the ones you don’t think you’re going to need.

Starting with Marshmallow, Android will treat apps as Apple iOS does: the first time an app needs a specific permission, it asks the user if he/she wants to grant it. Then you have the context in which the app wants to use that permission, and can make a better decision.

But deciding which permissions to grant or deny isn't always easy. For example, it may not be obvious why an app wants to use your phone’s camera until you try to scan a barcode to compare an item’s price across several merchants.

I look forward to Avast’s completion of its shopping apps analysis, which will hopefully reveal how vulnerable the tested shopping apps are to hackers and malware. For now, my advice is to treat every shopping app with caution. As Target has demonstrated, twice, retailers are very concerned about getting data about you and not very concerned about protecting it.

Your thoughts on this topic are welcome. Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 5 Jan 2016

For Fun: Buy Bob a Snickers.

Prev Article:
This Antivirus Plugin Makes You LESS Secure

The Top Twenty
Next Article:
Geekly Update - 06 January 2016

Most recent comments on "How Secure Are Shopping Apps?"

Posted by:

Joan Buddecke
05 Jan 2016

Walmart App... found out the price comparison they now do is now limited to advertised items for other stores only. Has resulted in $0.00 for the past several months when before then, I received anywhere from a few cents to over $2 per receipt.

May be removing the app.

Posted by:

Sharon H
05 Jan 2016

Be aware that hacked Wal-Mart Savings Catcher accounts apparently are common. Mine was hacked twice in four months.Do not store a credit card with them as it is linked with your WalMart account. I know because the hacker ordered a tv from my account.

Posted by:

Robert A
05 Jan 2016

Joan Buddecke: Walmart always claims to have the lowest prices, so, according to its app, they do have the lowest price. The truth is most manufacturers charge most major retailers the same wholesale price on the same piece of merchandise. Walmart, along with Amazon, with their vast size and purchasing power, have been able to squeeze out many dollars from their retailing costs, by improving cost efficiencies, which they pass on to their customers. Also, Walmart is ruthless in dealing with its suppliers in trying to get favorable price concessions, or payment terms, even up to the threat of refusing to sell a particular vendor's merchandise unless it is granted a lower wholesale price. So, most other retailers follow Walmart and Amazon's lead and price their merchandise at around the same price, in order not to lose business to those two leaders.

Also, many higher-end manufacturers have a clause in their contracts with major retailers that limits the retailer, even Amazon, from advertising and selling its products below a minimum approved price approved by the manufacturer. That's why one will see, for example, Kitchen Aid stand mixers, Dyson vacuum cleaners, and many high-end Sony, Samsung, LG, Bose and Beats By Dr. Dre electronic products at about the same price (within a dollar, if not pennies), at most retailers, all the time. Of course, retailers will attempt to get around these manufacturers' policies by occasionally offering, say, $10 to $200 gift cards, or some substantial free merchandise, to effectively lower the price of the main item for sale.

The bottom line is Walmart and Amazon effectively set the defacto pricing, for products they sell, for other retailers. It's probably not worth the time to shop at more than six or seven websites (Amazon, Walmart, Target, Best Buy, Sears, Overstock and Wayfair) for common, popular items, as they will likely be sold for nearly the same price. It's more important to consider in-stock availability, fulfillment time and cost of shipping, to calculate the best possible price.

Posted by:

06 Jan 2016

Yesterday we were at Target and I was looking for a pair of pajama bottoms. For cheap. It's Winter and I wanted a pair long enough and of thick material. Target had a pair of non-fleece Mobissmo's just full of Christmas logo. Got to be on clearance, right? No price, so I scanned and found they were $30! Could have used Walmart's app there. No purchase. Thanks for your reports Bob and I wish you a Happy and Prosperous New Year. One more thing, are BANK apps safe? On my Windows phone that is tied to AT&T I have Wells Fargo app installed.

Posted by:

06 Jan 2016

Bob, thank you, thank you for this very informative article!

When I got my new Smartphone, last Aug., I lost a couple of mobile apps, that I really loved using. I just couldn't remember their names. This article, with your link to a past article, gave me my apps back!!!

I was able to install Privacy Flashlight and My Permissions apps, onto my new Smartphone!!! I loved both of these apps and now, I feel "normal", whatever that is. LOL

I use the Walmart app, for when I order something online and want to pick it up, from the store. I only have to show my phone and it is good to go. Love that it is that simple. I don't use the app, for anything else. I get emails from them, on my computer.

I tried to use Privacy App, but, found it very time consuming and a bit confusing. Now, My Permissions is an easy app to set up and it works. It gives me the same info, as Privacy App, but, giving permission or not is much easier to use.

Again, another great article helping us to keep on top of things!!! :)

Posted by:

Harry Wilkinson
14 Jan 2016

Bob, I have been reading your contributions for many years (decades?) I want to express my sincere thanks for so many warnings and much useful information.

Currently I am experiencing very slow start ups when I first turn on my computer. Is there a simple way of finding and then deleting unwanted start up programs?

EDITOR'S NOTE: This should help:

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
About Us     Privacy Policy     RSS/XML

Article information: AskBobRankin -- How Secure Are Shopping Apps? (Posted: 5 Jan 2016)
Copyright © 2005 - Bob Rankin - All Rights Reserved