4 ways to evaluate mobile shopping app privacy, security
By Sienna Kossman | Published: December 24, 2014
While app developers, security experts and the federal government debate how to regulate mobile data collection, there are a number of steps consumers can take to protect their privacy and increase data security while using mobile shopping apps.
A September 2014 Experian Cybersecurity Survey of 1,000 U.S. adults found that consumers rarely read mobile app privacy statements. Only 22 percent of respondents said they read privacy policies before downloading an app of any kind, and 25 percent reported shopping online without reviewing mobile app privacy protections.
"Clients have to practice good data security hygiene and so do consumers," says Donna Wilson, Privacy and Data Security practice co-chair of Manatt, Phelps and Phillips, LLP. Until policies are revised and there's a better understanding of e-commerce security, "consumers have to take responsibility for their own security."
Here are four questions you should ask yourself before and after downloading a mobile shopping app to help decipher policies and keep personal and payment information secure:
Is the app from a trustworthy company and app store?
If you are leery about whether a retailer will keep your payment and personal information safe in-store, don't use its mobile app.
"First and foremost, don't even consider downloading apps that aren't in support of well-established companies," says Christopher Budd, Trend Micro's global threat communications manager. "You have to recognize and trust them. For example, if you compare an app from Macy's to one from, say, Bob's Magic Road Discounters, Macy's would have a leg up in my book."
The origin of a mobile shopping app also matters. "Do not get apps anywhere other than the official app platform stores," Budd says. "Don't use apps that are downloadable straight from other websites."
Mobile apps have to meet certain requirements to even be listed in the Google Play store and Apple's iTunes App Store, so sticking to apps offered in those places guarantees you at least a basic level of security and data protections.
Do the app permissions make sense?
When you download an app, you are granting it access to specific pieces of information or areas of your mobile device such as location details, Internet search history or payment information.
Depending on the phone's operating system and the app, you may be prompted to review and accept app permissions at different times. Often they'll appear in a pop-up window before you finish downloading the app, when you first launch the app or when you create a mobile account.
More important than when the permissions appear is what they say. Look for what the app is asking to access. Do the permissions make sense based on the purpose the app serves?
For example, if an app helps locate deals and stores in your area, having access to your device's GPS location makes sense, but why would it need access to your phone's camera and microphone? Permissions that don't match with the service you are receiving should be a red flag and encourage you to dig for more information.
"If you don't feel comfortable with what you find, then don't engage with the business," Wilson says. "Find an alternative app that you don't find as invasive."
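The same permissions-versus-purpose check, as an added example that is not part of the original article: it reads the permissions an Android app declares in its manifest and reports the ones a store-and-deal locator would not be expected to need. The manifest, the package name `com.example.dealfinder` and the `EXPECTED` baseline are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute names in AndroidManifest.xml live in the android: namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline: what a store-and-deal locator plausibly needs.
EXPECTED = {"deal_locator": {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_FINE_LOCATION",
}}

# Permissions that expose sensors or personal data.
SENSITIVE = {
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_CONTACTS": "contacts",
}

# Constructed sample manifest (not taken from any real app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.dealfinder">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission-sdk-23 android:name="android.permission.RECORD_AUDIO"/>
  <application android:label="Deal Finder"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return every permission name the manifest declares."""
    root = ET.fromstring(manifest_xml)
    names = set()
    # Both element types request permissions; the -sdk-23 form applies on Android 6.0+.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def review(manifest_xml, purpose):
    """List (permission, what it exposes) pairs outside the purpose baseline."""
    unexpected = requested_permissions(manifest_xml) - EXPECTED[purpose]
    return sorted((p, SENSITIVE.get(p, "other")) for p in unexpected)

if __name__ == "__main__":
    for perm, what in review(SAMPLE_MANIFEST, "deal_locator"):
        print(f"unexpected for a deal locator: {perm} ({what})")
```
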
Are your mobile purchases protected?
If you are entering sensitive payment information or loading money onto a virtual app account, knowing how you are protected in the event of fraud or even just a technical glitch is important. Yet the FTC determined in its mobile shopping app study that finding this type of information in an app privacy or user policy may be hard -- if it even exists at all.
"If something would go wrong, what would you be concerned about?" said Patti Poss, mobile technology attorney for the FTC's Bureau of Consumer Protection. "And look at the guidelines before you start buying, don't wait until something goes wrong later."
Again, if you can't find enough information to make you feel comfortable using the app, delete it and choose another.
Can you tighten your mobile device's security settings?
If you don't like a shopping app's policies and you still want to use it, consider reviewing your mobile device's settings to see if you can tighten security overall, not just for one particular app. "Don't ever, ever go with the default," Wilson says.
If you have an Android mobile device, unchecking a "save all login credentials" box, running regular security system updates, encrypting removable SD cards and avoiding apps that can't be verified by Google Play are all steps you can take to increase your digital privacy and data security. Apple mobile devices don't have quite as many options but you can restrict location services and then go into each downloaded app to adjust what it can access.
There are also some overall precautions each platform user can take.
"I would say with Apple devices the consumer should understand how to access the privacy settings in their device's settings and in the individual apps turn off different access settings," says Preet Anand, CEO of BlueLight, a technology company that develops emergency response apps. "For Android I would suggest consumers be judicious about reading through the permissions and understanding what they are granting access to upon download. If they don't like what they see, don't use the app."
Personally identifiable information (PII): Information such as name, Social Security number or email address that's used to identify you.
Cookie: A small piece of data about you and your device that's stored in a Web browser or app to help customize your experience. It may contain account information and track your purchase behavior or search history. Shopping apps use their own cookies but may also allow third-party cookie access.
Passively collected information: Data about you and/or your behavior collected on a rolling basis while you use an app. Examples: Your location or activity history.
Actively collected information: Data you provide in response to a request, such as contact details and other info you willingly provide to tailor your shopping experience.
Third-party affiliates/companies: Apps that compile information from different websites, stores or brands (such as coupon and deal-finder apps) may share consumer data with outside companies. Common third-party affiliates include companies that offer similar products, ad agencies or even social media websites.