As holiday mobile commerce breaks records, retail apps display security red flags

Driven by the pandemic, many consumers rely on mobile apps to buy everything from daily essentials to holiday gifts. However, according to a recent analysis, there are alarming security concerns among some of the top 50 Android retail mobile apps.


Retail mobile apps are missing basic security functionality

Most of the top 50 retail mobile applications analyzed in September 2020 did not apply sufficient code hardening and runtime application self-protection (RASP) techniques.

These security techniques protect the application against tampering, and against being copied and redistributed by a malicious third party as a fake app. Competitors can also exploit a lack of code hardening to execute business or technical denial of service attacks, making the mobile app difficult for customers to use. Or they can create competitive third-party aggregators that weaken the brand and lead to a loss in revenue.

Nearly all of the applications in the analysis fell short across basic application hardening techniques. These included code hardening techniques such as name obfuscation, which hides identifiers in the application’s code to prevent hackers from reverse engineering and analyzing source code. In addition, encryption techniques such as string, asset/resource, and class encryption prevent malicious actors from gaining insight into sensitive information, assets, or the internal logic of applications.

Application hardening also includes RASP techniques such as root/jailbreak and emulator detection, which reveal when an attacker is attempting to bypass application sandboxes and conduct unapproved actions. Nearly a quarter of apps were completely unprotected in these areas. Without adequate protection, retail mobile apps could be tampered with or even copied and turned into “fake apps.” Fake retail apps are especially risky because they can capture sensitive personally identifiable information (PII) from shoppers, such as names, credit card numbers, addresses, and more.
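To make the root/emulator detection mentioned above concrete, here is an added illustrative example of the kind of lightweight RASP-style check an Android retail app can run at startup. It is not code from the analysis or from any of the apps it examined; the class name, the list of `su` paths and the emulator build-property heuristics are assumptions, and a hardened app would treat these as signals to combine with other protections rather than as a definitive verdict.

```java
import android.os.Build;
import java.io.File;
import java.util.ArrayList;
import java.util.List;

/**
 * Minimal, illustrative device-integrity checks (hypothetical class, not from the
 * report). Each check is a heuristic: rooted devices and emulators can hide these
 * indicators, so the result should feed a risk decision, not gate the app outright.
 */
public final class DeviceIntegrityChecks {

    // Well-known locations of the "su" binary on rooted devices (assumed list).
    private static final String[] SU_PATHS = {
        "/system/bin/su", "/system/xbin/su", "/sbin/su",
        "/system/sd/xbin/su", "/data/local/xbin/su", "/data/local/bin/su"
    };

    private DeviceIntegrityChecks() {}

    /** True if a known su binary is present or the ROM was signed with test keys. */
    public static boolean isLikelyRooted() {
        for (String path : SU_PATHS) {
            if (new File(path).exists()) {
                return true;
            }
        }
        String tags = Build.TAGS;
        return tags != null && tags.contains("test-keys");
    }

    /** True if build properties match the stock Android emulator images. */
    public static boolean isLikelyEmulator() {
        return Build.FINGERPRINT.startsWith("generic")
            || Build.FINGERPRINT.startsWith("unknown")
            || Build.MODEL.contains("google_sdk")
            || Build.MODEL.contains("Emulator")
            || Build.MODEL.contains("Android SDK built for x86")
            || Build.MANUFACTURER.contains("Genymotion")
            || Build.HARDWARE.contains("goldfish")
            || Build.HARDWARE.contains("ranchu")
            || (Build.BRAND.startsWith("generic") && Build.DEVICE.startsWith("generic"))
            || "google_sdk".equals(Build.PRODUCT);
    }

    /**
     * Collects the failing checks so the app can degrade gracefully, for example by
     * disabling stored payment methods and reporting the finding to the backend,
     * instead of silently exposing PII on a tampered environment.
     */
    public static List<String> findings() {
        List<String> out = new ArrayList<>();
        if (isLikelyRooted()) {
            out.add("root-indicators");
        }
        if (isLikelyEmulator()) {
            out.add("emulator-indicators");
        }
        return out;
    }
}
```

Call `DeviceIntegrityChecks.findings()` early in the application's startup path and send the result to the backend alongside the session; detecting the condition server-side as well means an attacker who strips the check out of a repackaged copy still leaves a gap that risk scoring can notice. Pair this with name obfuscation and string encryption (for example via R8/ProGuard rules) so the check itself is not trivial to locate and remove.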

Consumers must be on the lookout for fake mobile apps

With the massive rise in mobile commerce, consumers must be on the lookout for telltale signs of fake mobile apps. There are a few ways to spot these apps in the…