80% of All E-Commerce Apps Leak Customers' Data, and You Are Not Safe
It's time for our daily dose of statistics dedicated to the truly horrifying state of modern-day cybersecurity. This time, they come from mobile security company NowSecure, and they're related to how certain Android applications handle users' personal data.
NowSecure tests 250 Android apps
Between February and April, researchers from NowSecure put a total of 250 Android apps to the test. All applications were available on the Play store and were published by companies working in a variety of different industries. They were all put through NowSecure's mobile app sec security testing platform, which focuses on the storage and transmission of unencrypted personal information as well as the potential exposure to phishing attacks.
The disappointing results were put in an infographic and posted on NowSecure's website.
Many Android apps leak personal data
The Android ecosystem is not really known for its close attention to privacy and security. In fact, over the years, malware outbreaks and privacy issues have dealt some pretty significant blows to the reputation of Google's mobile operating system, and the fact that the search engine giant is struggling to keep malicious apps away from the official Play Store is not really helping.
Despite all this, users continue to trust Android applications with personally identifiable information, including names, usernames, emails, geolocation data, phone numbers, etc., and NowSecure found out that plenty of them are not doing that in a particularly safe manner.
In fact, of the 250 apps they tested, roughly 3 in 4 leaked personal data in some way.
Retail apps tend to be the worst offenders
Users treat different apps differently. For example, most people tend to get especially upset when e-commerce services get breached because this usually means that their financial information has been placed under threat. Those people won't be too happy to learn that, according to NowSecure's researchers, retail apps tend to be particularly prone to leaking personal data.
The experts didn't mention any names, but they did point out that some of the apps were coming from "online digital marketplaces and leading brick-and-mortar retailers". Of those, more than 80% were found to leak personal data, and for the apps that belong to online-only retailers, the percentage was even more terrifying – over 90%. In other words, if you're shopping through an Android mobile application, you are very likely to be inadvertently exposing your data. Mind you, the performance displayed by the rest of the apps tested by NowSecure wasn't exactly perfect, either.
69% of the applications that help us find insurance were leaking information. Roughly the same percentage (67%) of the apps we use to make our travel and holiday arrangements also expose data, and even though financial institutions are supposed to be under much heavier scrutiny, half of the finance apps NowSecure tested were also leaving users' details unprotected.
The researchers preferred not to name and shame the companies whose apps put users' data at risk, and we're not told whether or not the developers have been notified. NowSecure also decided not to reveal the precise nature of the information and how it can potentially be exposed to the world.
It's fair to say, however, that the figures they presented are scary enough as they are, which means that Android users should be as careful as ever when they're trusting applications with their personal data. Never give away more than is strictly necessary and always pay close attention to the permission new apps request.