The Christmas business is in full swing. Therefore we are sounding a note of caution to all those using their smartphone or tablet for doing their shopping.
When the pre-Christmas shopping season starts at the beginning of December, many retailers once again are wooing with rewarding online offers. Quite to the delight of their customers, because many consumers avoid crowded shops in the run-up to Christmas and buy their gifts from the comfort of their own home or on the go - or via smartphone or tablet.
Dealers have long since recognized the trend towards mobile commerce and are expanding their offering to include mobile shopping apps that gives their customers a convenient and fast purchasing process via their smartphone. But the mobile optimization of the retail industry also carries many risks, as apps are another lucrative target for cybercriminals, giving them multiple ways to make a profit.
More and more often, hackers manage to penetrate mobile apps and tap sensitive personal or bank account data, manipulate purchasing processes or steal intellectual property. Because of the wealth of sensitive data, shopping applications are particularly threatened by cyber-attacks.
But even fake apps are becoming more of a problem in the industry. How real this danger is, we could find out from some Apple customers, who already got a taste of it. Just in time for the start of the shopping season, cybercriminals managed to smuggle hundreds of fake shopping apps past the security checkpoints into the app store. The counterfeit applications presented themselves as official shopping helpers of renowned brands such as Nike or Christian Dior, but have been a ripsnorter. Some of the fake apps bothered customers with embedded ads, while others targeted credit card information.
How hackers attack
Unlike web-based applications, where security is largely controlled by businesses, protecting mobile apps from manipulation and reverse engineering is far more of a challenge. This is not least because mobile applications run in distributed and potentially vulnerable environments and are therefore particularly attractive to hackers. The Achilles heel of the mobile app is their binary code, which opens the door to any kind of manipulation that compromises the integrity of the app. If the binary code is not specifically protected, attackers can reverse engineer it, thus preserving sensitive data, such as credit card or bank account information, or spy on or manipulate transactions that are handled through the app.
More security for shopping apps
In times when mobile applications for retailers represent an important strategy in the fight for customer loyalty and revenue generation, such cyberattacks can have fatal consequences - from financial losses to compensation payments to reputational damage. This makes it all the more important for companies to keep an eye on the security of their apps when setting up their mobile shopping strategy.
Specifically, this means that mobile applications are hardened at the binary level and equipped with runtime application self-protection technologies. Only then the app can independently protect itself against all types of manipulation and reverse engineering - regardless of device, environment, running time or idle state. Android retail apps with Host Card Emulation (HCE) -based payment solutions should also be equipped with special cryptographic key protection technologies to prevent unauthorized access.
For both businesses and customers, mobile retail applications have great potential in digital retail optimization. The difficulty, however, is to fully exploit this potential and achieve real competitive advantages. In addition to formulating the tangible benefits and convenience of shopping apps, providers must first and foremost strengthen customer confidence in the security of apps. Retailers and developers must spare no expense and efforts to protect their apps effectively against hacker attacks and abuse, and to communicate this security openly.
By Daniela La Marca