In a review of 250 popular Android mobile apps, including those of retailers, app security firm NowSecure found that 70% leak sensitive personal data, including names, usernames, email, phone numbers, geolocation, account numbers and device identifiers including serial numbers.
Retail apps are the worst offenders, according to the study, which was emailed to Retail Dive: 82% of brick and mortar retail apps "actively" leak sensitive data and 92% of online retail apps do. In fact, just 8% of online retail apps were not at risk for exposure of personal information, NowSecure said.
The safest apps are from financial and insurance companies, which NowSecure said is due to tighter regulation of those industries.
After uncovering such a high level of insecurity among commonly used e-commerce apps, NowSecure advises consumers to delete all retail apps from their phones unless they are certain of their safety.
“After extensive testing, NowSecure is issuing a global warning to the millions of mobile app consumers and businesses to temporarily stop using top retail and e-commerce apps,” the company said in an email to Retail Dive. “Millions of users operate under the false assumption that the apps on their phones are safe.”
The firm isn't alone in its warnings about laxity in retail cybersecurity.
Fraud around loyalty programs, one of the most important ways to lock in customers, has risen 89% in a year, per the Forter Fraud Attack Index report. Failing to protect such incentives is not only a financial headache for customers, retailers and financial services, but it can also drive consumers to more secure competitors, experts told Retail Dive.
Retailers themselves are also frequent targets, especially during their busy season. In the month leading up to the shopping holidays, there was a 400% increase in phishing activity, according to research from cloud-based security company Zscaler. Attempted cyberattacks against retailers rose 20% during the 2018 holidays, according to VMWare Carbon Black. Two-thirds of retailers reported being targeted by a ransomware attack in the past year, according to that report.