I-Team: Shopping apps could put identity at risk
CHICAGO (WLS) -- We are just days away from the start of the holiday shopping rush and it's likely you will be using your smartphone to buy some gifts.
The ABC7 I-Team is finding many apps that make shopping easy, could also be putting your identity at risk.
It is estimated that more than 90 percent of shoppers will make purchases using a mobile app this holiday season, but the I-Team found several reasons why shopping apps can be vulnerable, even putting all the information stored on your phone at risk.
Your phone may be jam packed with shopping apps. Many store your home address and payment information.
"That's personal information," said Jordyn Harmon. "That's not something that should be out there for anyone to see but you.
There is a threat. Security analysts say almost half of all apps have at least one high risk security flaw.
"Shopping apps tend to be the leakiest apps, or most insecure apps that we see," said Andrew Hoog, Now Secure. "In the rush to get apps out the door, a lot of companies have left security behind."
Hoog, from the mobile security firm Now Secure in Oak Park says those shopping apps can spit out your passwords, location and payment details for hackers to grab.
"A lot of applications send data out to the internet and it goes to their website, but in the process of doing that, anybody sitting in between their website in your app can potentially intercept that," he said.
The I-Team took Hoog to the streets to uncover user flaws. The first one. shopping while on unsecure, free Wi-Fi without a password.
"It does make you feel vulnerable that these information are just out there," said Emmanuel Cerdantez.
Hoog used a security app to show people how many "unsecure" or "vulnerable" shopping apps were on their phones.
"I'm actually really surprised because I didn't know this is actually happening on my phone," said Alejandra Villegas.
Once you know how many are potentially risky, you can dodge another common mistake:.
"We see a lot of people do not enable passcodes on their phone," Hoog said.
Others were signed into shopping apps, but didn't have a passcode to lock their phones. .
"I'm a little nervous about it," said Joe Moreno. "I think I'll pay more attention into what I'm doing and I might not even use those apps."
Now Secure says it informs app companies when they find vulnerabilities, but they aren't always quick to respond.
Many of these apps have almost as much information as your banking apps with far less security.
For more information:
https://www.nowsecure.com/lab/
https://play.google.com/store/apps/details?id=com.nowsecure.android.vts
