This year’s holiday season is approaching, and Black Friday and Cyber Monday are just around the corner. Billions of shoppers are about to purchase goods through the convenience of mobile applications, and crooks know it and are readying their scamming tools. Zimperium, an expert in mobile security, has conducted an in-depth investigation of up-to-date versions of thirty of the most widely used mobile shopping applications for Android and iOS. The results indicate large gaps in security and privacy protection, so consumers are advised to be very careful about whom they trust.
The highlights of Zimperium’s findings are the following:
On iOS, the most critical privacy risks were logging information to the system console (100% of the apps), the ability to screenshot the full user interface (97%), and monitoring the iOS pasteboard (83%). On Android, the most common privacy risks were the insecure provision of content (83%) and risky communications beacons (27%).
As for security, the top critical risks on iOS were overriding SSL and TLS chain validation during authentication (100%), implementing swizzling API calls (97%), connecting via HTTP (100%), and using embedded compiled libraries (93%). Among the Android apps, 83% enable WebView to execute JavaScript code, 80% allow spoofing of the app package name, and 83% don’t validate SSL certificates.
Zimperium isn’t naming the apps it used in this investigation, as the point of the report is to raise awareness, and it does. Consumers are advised to take these findings into account, try to limit their purchases through mobile platforms, and prefer other means instead. If you still want to indulge in shopping on your mobile device, at least use a robust security solution that will help you detect and stop malicious activity on it.
Are you planning to buy anything via mobile this season? Let us know in the comments section down below, or on our socials, on Facebook and Twitter.