As shoppers salivate over Black Friday and Cyber Monday deals, hackers are prepping for the post-Thanksgiving shopping frenzy, too. Unfortunately, many of the leading digital retail and deal-finding mobile apps have security and privacy flaws that could place consumers at risk.
NowSecure analyzed 52 leading retail and deal-finding mobile apps from the Apple® App Store® and Google Play™, such as Amazon, eBay, Groupon, Target, Walmart, Wish and many others, for security vulnerabilities, compliance gaps and privacy exposure. Only 27% of the apps we tested carry no or low risk, while the bulk require caution.
With 81 million U.S. residents placing e-commerce orders on Cyber Monday last year, the holiday shopping season brings in big business. Retailers would be wise to protect their brands by testing the security of their mobile apps prior to release. Likewise, shoppers should be careful about the digital retail apps they use and only download them from a reputable source.
And while we’re talking turkey, #MobSec5 will go on hiatus next week because of the holiday. Happy Thanksgiving to all.
Your highlights for the week are as follows:
- Database leak exposes millions of text messages including 2FA codes
- 60% of the top free mobile VPNs come from China
- More fake cryptocurrency apps masquerade as the real thing
- Google shares findings regarding mobile malware
- Thieves capitalize on mobile banking app Zelle
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
“A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.”
“Roughly 60 percent of the top free mobile VPN apps returned by Google Play Store and Apple Play Store searches are from developers based in China or with Chinese ownership, raising serious concerns about data privacy, a study published today has revealed.”
Country of origination is a chief concern for mobile app security given the many nation-state threat actors. The NowSecure portfolio of mobile appsec testing and vetting solutions can determine country of origin as well as what countries the app transmits data to.
“It seems we might never win the battle against fake cryptocurrency apps on Google’s Play Store, as another four have been identified this week. The apps were masquerading on the Play Store as cryptocurrency wallets for NEO, Tether, and MetaMask.”
Malware on Android can be avoided according to latest Google data
We Live Security
“You need to stick to Google Play for apps and run as recent a version of operating software if you wish to avoid getting malware on Android.”
“More than 100 banks use Zelle, a popular mobile banking app that transfers money in a flash. But some say that convenience comes at a cost: consumers across the country say fraudulent transfers are draining their bank accounts.”