How Privacy Issues in Mobile Apps Affect Retailers

Famous Canadian coffeehouse chain Tim Hortons recently received negative publicity after several government agencies shed light on the company’s mobile app privacy policies and data collection methods. An investigation concluded that the Tim Hortons mobile app was secretly collecting sensitive geolocation data from users without their consent, even when the app was not in use. This discovery tarnished the reputation of a widely respected company with a long history of customer loyalty.

Mobile apps have become a critical business asset, generating billions of dollars in revenue. Retail companies like Tim Hortons that underestimate the importance of mobile app privacy and security risk damaging customer relationships and brand image, potentially leading to loss of customers and income. Consumers understand the value of their data and need assurance that companies are protecting it. All it takes is one mobile app privacy breach or data breach to drive consumers to a competitor.

Consumer trends show that the office no longer dominates the world of digital retail. A 2021 Business of Apps survey found that 80% of consumers said it was more fun to shop through mobile apps than websites. This may be why consumers spent more than 100 billion hours on shopping apps in 2021, according to research by App Annie. Consumers prefer the convenience and simplicity of mobile apps to make purchases, track orders, browse new products and communicate with service agents. Mobile business will only increase in the future, which means retailers need to take mobile app security risk mitigation seriously.

Welcome to the Mobile-First Era

Historically, brick-and-mortar retailers have generated most of their revenue from foot traffic. While foot traffic still plays a major role in business, mobile apps improve and simplify the customer experience and drive engagement and brand loyalty. For example, the Starbucks mobile app allows customers to place personalized orders and receive rewards for preloaded payments. The Starbucks mobile app generates 30% of the company’s total retail revenue and holds more cash than many banks through its loyalty app.

Despite the obvious importance of mobile apps to business, many retailers are dangerously lacking in mobile app security and privacy. In fact, a recent analysis of over 400 Android and iOS mobile retail apps by NowSecure MobileRiskTracker found that 100% posed security risks and 64% posed privacy risks. Common security risks uncovered in the assessment were insecure network communication, personal data leakage, insecure data storage, and the ability for attackers to take control of the mobile application. Privacy risks included app configurations that expose personal data, insufficient protection of sensitive data, and leaks of personal data to the network.

Publishing a mobile app with security and privacy flaws can damage customer trust and the reputation of any major brand:

  • A vulnerability in the MyFitnessPal mobile app allowed hackers to harvest the personal information of over 150 million customers and caused Under Armour’s market value to plummet by 3.8%.
  • British Airways suffered a mobile app security breach that leaked 380,000 credit card payments and compromised sensitive customer data. The incident led to a significant drop in market value and damaged customer confidence.
  • Equifax, Western Union and three other financial services companies damaged their brands after an investigation concluded that vulnerabilities in their mobile apps exposed sensitive customer information. A settlement with the New York Attorney General’s Office has forced each company to tighten mobile app security.

These examples prove that even established and financially resourceful companies can still fail to protect their customers from mobile app security and privacy breaches.

Build Consumer Trust With Ethical Privacy and Security Practices

A single breach of privacy or security with a mobile app can instantly damage brand loyalty. In order to build trust among consumers, retailers and consumer businesses must adopt ethical data privacy policies while being fully transparent about usage. Retailers need to make it clear to mobile app users what data they collect and how they use it.

Additionally, developers should practice secure coding techniques to build mobile apps with sufficient privacy and security from the start. Automated mobile app security and privacy testing throughout the development lifecycle allows developers to reduce risk without compromising release schedules.

Mobile app security issues at Tim Hortons, MyFitnessPal, British Airways and others are a strong reminder that all retail business leaders must ensure that the mobile apps their teams create respect consumer privacy, stating clear requirements/mandates to their development teams, then verifying through appropriate testing.


As NowSecure Director of Mobility, Brian Reed brings decades of mobile, application, security, development and operations management experience, including NowSecure, Good Technology, BlackBerry, ZeroFOX, BoxTone, MicroFocus and INTERSOLV, working with Fortune 2000 global customers, mobile pioneers and government agencies. At NowSecure, Reed leads the overall go-to-market strategy, solution portfolio, marketing programs and industry ecosystem. With more than 25 years of experience creating innovative products and transforming businesses, Reed has a proven track record in early-stage and mid-stage companies across multiple markets and technology regions. As a renowned speaker and thought leader, he is a compelling storyteller who brings unique insights and global experience. Reed graduated from Duke University.

Casey J. Nelson