91% of consumers intend to make purchases through a mobile app this holiday season, according to the Internet Retailer Mobile 500 report, with 54% planning to do half or more of their holiday shopping (purchases and/or browsing) via a mobile app. The availability and popularity of native mobile shopping apps are helping to drive this holiday’s digital shopping explosion as mobile-minded consumers opt for an on-the-go, hassle-free way to check gifts off their list.
What many consumers don’t realize is that an alarming 15% of all apps leak sensitive data over the network (plain text or encoded), and nearly half (48%) of mobile applications have at least one high-risk security flaw. Worse yet, shopping apps, as an entire category, tend to be some of the “leakiest” apps – while storing the highest amount of sensitive personal data. That is a dangerous combination, especially as we gear up for what could be a record-setting holiday shopping season – driven by mobile purchases.
While many of our favorite mobile shopping apps have known security vulnerabilities, it’s our own mobile behavior that may be putting us at greater risk as we begin the holiday shopping season. Our team of mobile security experts at NowSecure has put together a list of the five most common mobile security blunders consumers make when shopping on their mobile devices.
- Unlike Santa’s Elves, developers can make mistakes: We’re too trusting and assume developers have accounted for vulnerabilities, and so we inherently trust most applications.
- No passwords: Considering the number of times we access our phones on a daily basis, using the recommended complex password on our phones is…well, complex. In fact, 43% of devices don’t even have a password, PIN, or pattern lock.1 Everyone needs a password, so finding the right balance between complex passcodes and easy access to your phone (and apps) is recommended.
- Holiday jingles, peppermint latte and a side of free WiFi: Locations like coffee shops and airports offer free, unsecured WiFi connections allowing an easy pathway for nearby hackers to mine your data. Many consumers use free, unsecured WiFi. One study showed that 50% of devices connect to unsecured WiFi at least once a month in the U.S.1
- Avoid bad Santas and don’t install untrustworthy applications: Installing an app from a pop-up ad or through a third-party site (not a first-party application store like Google Play or Apple App Store) increases the risk of malware infecting your device.
- Software updates are gifts that keep on giving: Don’t delay updates. Waiting to update operating systems or applications increases the risk that your data will be compromised by the vulnerability the update is trying to repair. Updates often include security improvements.
10 ways to secure your mobile device
Mitigating mobile security risk is critical to protecting yourself this holiday shopping season. So, in addition to the five biggest consumer mistakes, our team at NowSecure has provided a list of the top 10 ways consumers can secure their mobile devices during the holidays.
- Know what data is being collected by applications. According to the FTC, some apps may be able to access your phone and email contacts, call logs, internet data, calendar data, data about the device’s location, the device’s unique IDs, and information about how you use the app itself.5
- Know how your data is being used by applications. Low data security is (unfortunately) a common problem today. When your device and apps send data without protecting it with encryption, the data can be easily intercepted.
- Add a passcode, PIN, or pattern lock. This helps protect your data from an attacker who gets ahold of your phone, even if the app developer didn’t properly secure the data.
- Use different passwords for sites and apps. If you use the same passwords for banking, social media, email, etc., then a hacker only needs to figure out one password to gain access to your identity.
- Log out of your applications. If your application requires a login, ensure that you log out when you are finished.
- Only download apps from the official App Store and Google Play. Third-party stores are fraught with malware. Stick to the official stores to protect yourself from malicious apps.
- Use two-factor authentication when available to add another level of protection. Many applications offer two-factor authentication, which combines something you have (token, phone) with something you know (passcode). It greatly increases the difficulty of an attacker compromising your password and gaining access to your account.
- Update your operating system and apps when new versions are available. Operating system updates typically include patches to known security vulnerabilities. Attackers can exploit these vulnerabilities if you do not upgrade your OS.
- Avoid unsecured WiFi. This helps protect against attackers that want to steal your data over networks.
- Use an app that gives you visibility into what apps are doing with your data. The NowSecure Mobile App provides insight into which apps are sharing your data insecurely and what vulnerabilities may be affecting your device, and offers tips to secure yourself.