4 ways to evaluate mobile shopping app privacy, security


While app developers, security experts and the federal government debate how to regulate mobile data collection, there are a number of steps consumers can take to protect their privacy and increase data security while using mobile shopping apps.

A September 2014 Experian Cybersecurity Survey of 1,000 U.S. adults found that consumers rarely read mobile app privacy statements. Only 22 percent of respondents said they read privacy policies before downloading an app of any kind, and 25 percent reported shopping online without reviewing mobile app privacy protections.

"Clients have to practice good data security hygiene and so do consumers," says Donna Wilson, Privacy and Data Security practice co-chair of Manatt, Phelps and Phillips, LLP. Until policies are revised and there's a better understanding of e-commerce security, "consumers have to take responsibility for their own security."

Here are four questions you should ask yourself before and after downloading a mobile shopping app to help decipher policies and keep personal and payment information secure:

1. Is the app from a trustworthy company and app store?
If you are leery about whether a retailer will keep your payment and personal information safe in-store, don't use its mobile app.

"First and foremost, don't even consider downloading apps that aren't in support of well-established companies," says Christopher Budd, Trend Micro's global threat communications manager. "You have to recognize and trust them. For example, if you compare an app from Macy's to one from, say, Bob's Magic Road Discounters, Macy's would have a leg up in my book."

The origin of a mobile shopping app also matters. "Do not get apps anywhere other than the official app platform stores," Budd says. "Don't use apps that are downloadable straight from other websites."

Mobile apps have to meet certain requirements to even be listed in the Google Play store and Apple's iTunes App Store, so sticking to apps offered in those places guarantees you at least a basic level of security and data protections.

2. Do the app permissions make sense?
When you download an app, you are granting it access to specific pieces of information or areas of your mobile device such as location details, Internet search history or payment information.

Depending on the phone's operating system and the app, you may be prompted to review and accept app permissions at different times. Often they'll appear in a pop-up window before you finish downloading the app, when you first launch the app or when you create a mobile account.

More important than when the permissions appear is what they say. Look for what the app is asking to access. Do the permissions make sense based on the purpose the app serves? 

For example, if an app helps locate deals and stores in your area, having access to your device's GPS location makes sense, but why would it need access to your phone's camera and microphone? Permissions that don't match with the service you are receiving should be a red flag and encourage you to dig for more information.

"If you don't feel comfortable with what you find, then don't engage with the business," Wilson says. "Find an alternative app that you don't find as invasive."

3. Are your mobile purchases protected?
If you are entering sensitive payment information or loading money onto a virtual app account, knowing how you are protected in the event of fraud or even just a technical glitch is important. Yet the FTC determined in its mobile shopping app study that finding this type of information in an app privacy or user policy may be hard -- if it even exists at all.

"If something would go wrong, what would you be concerned about?" said Patti Poss, mobile technology attorney for the FTC's Bureau of Consumer Protection. "And look at the guidelines before you start buying, don't wait until something goes wrong later."

Where to find purchase protection information varies among apps. If you can't find it in a privacy policy within the app, search the company website or check with your payment card issuer or bank to see if they offer any protections specific to mobile purchases.

Again, if you can't find enough information to make you feel comfortable using the app, delete it and choose another.

4. Can you tighten your mobile device's security settings?
If you don't like a shopping app's policies and you still want to use it, consider reviewing your mobile device's settings to see if you can tighten security overall, not just for one particular app. "Don't ever, ever go with the default," Wilson says.

If you have an Android mobile device, unchecking a "save all login credentials" box, running regular security system updates, encrypting removable SD cards and avoiding apps that can't be verified by Google Play are all steps you can take to increase your digital privacy and data security. Apple mobile devices don't have quite as many options, but you can restrict location services and then go into each downloaded app to adjust what it can access.

There are also some overall precautions each platform user can take.

"I would say with Apple devices the consumer should understand how to access the privacy settings in their device's settings and in the individual apps turn off different access settings," says Preet Anand, CEO of BlueLight, a technology company that develops emergency response apps. "For Android I would suggest consumers be judicious about reading through the permissions and understanding what they are granting access to upon download. If they don't like what they see, don't use the app."

Common privacy policy terms and definitions

Personally identifiable information (PII): Information such as name, Social Security number or email address that's used to identify you.

Cookie: A small piece of data about you and your device that's stored in a Web browser or app to help customize your experience. It may contain account information and track your purchase behavior or search history. Shopping apps use their own cookies but may also allow third-party cookie access.

Passively collected information: Data about you and/or your behavior collected on a rolling basis while you use an app. Examples: Your location or activity history.

Actively collected information: Data you provide in response to a request, such as contact details and other info you willingly provide to tailor your shopping experience.

Third-party affiliates/companies: Apps that compile information from different websites, stores or brands (such as coupon and deal-finder apps) may share consumer data with outside companies. Common third-party affiliates include companies that offer similar products, ad agencies or even social media websites.

Published: December 24, 2014

Updated: 10-24-2016
