The popular Canadian coffee chain Tim Hortons recently experienced negative publicity after multiple government agencies shed light on the company’s mobile app privacy policies and data collection methods. An investigation concluded that the Tim Hortons mobile app secretly collected sensitive user geolocation data without consent even when the app wasn’t in use. This discovery tarnished the reputation of a widely respected company with a long history of customer loyalty.
Mobile apps have evolved into a critical business asset, generating billions of dollars in revenue. Retail companies like Tim Hortons that underestimate the importance of mobile app privacy and security risk damaging customer relations and brand image, potentially leading to customer and revenue loss. Consumers understand the value of their data and need assurance that companies are protecting it. It only takes one mobile app privacy violation or data breach to send consumers off to a competitor.
Consumer trends show desktop no longer rules the world of digital retail. A 2021 Business of Apps survey found 80% of consumers said it’s more fun to shop via mobile apps than websites. This may be why consumers spent over 100 billion hours on shopping apps in 2021, according to research from App Annie. Consumers prefer the convenience and simplicity of mobile apps to make purchases, track orders, browse new products and communicate with service agents. Mobile activity will only increase moving forward, which means retailers need to get serious about mitigating mobile app security risk.
Welcome to the Mobile-First Era
Historically, brick-and-mortar retailers generated most of their revenue through foot traffic. While foot traffic still plays a major role in business, mobile apps elevate and simplify customer experiences and drive engagement and brand loyalty. For example, the Starbucks mobile app allows customers to place customized orders and receive rewards for preloading payments. The Starbucks mobile app generates 30% of the company’s total retail revenue and holds more cash than many banks due to its loyalty app.
Despite the clear importance of mobile apps to business, many retailers fall dangerously short in mobile app security and privacy. In fact, a recent analysis of more than 400 Android and iOS retail mobile apps by the NowSecure MobileRiskTracker found 100% have security risks and 64% have privacy risks. Common security risks uncovered in the assessment were insecure network communication, personal data leakage, insecure data storage and the ability for attackers to take over the mobile app. Privacy risks include app configurations that expose personal data, insufficient protection of sensitive data and personal data leakage over the network.
Releasing a mobile app with security and privacy vulnerabilities can damage customer trust and the reputation of any major brand:
- A vulnerability in the MyFitnessPal mobile app allowed threat actors to collect the personal information of more than 150 million customers and caused Under Armour’s market value to drop 3.8%.
- British Airways experienced a mobile app security breach that leaked 380,000 credit card payments and compromised sensitive customer data. The incident led to a significant drop in market value and damaged customer trust.
- Equifax, Western Union and three other financial service companies damaged their brand image after an investigation concluded mobile app vulnerabilities breached sensitive customer information. A settlement with the New York Attorney General’s Office forced each company to enhance mobile app security.
These examples prove that even established, financially resourceful companies can still fall short in safeguarding customers from mobile app security and privacy breaches.
Build Consumer Confidence With Ethical Privacy and Security Practices
A single privacy or security breach with a mobile app can instantly damage brand loyalty. In order to build trust among consumers, retailers and consumer businesses must adopt ethical data privacy policies while being fully transparent about usage. Retailers need to clearly explain to mobile app users what data they collect and how they use it.
Additionally, developers must practice secure coding techniques to build mobile apps with sufficient privacy and security from the start. Automated mobile app security and privacy testing throughout the development lifecycle allows developers to reduce risk without compromising release schedules.
The mobile app security issues of Tim Hortons, MyFitnessPal, British Airways and more are sharp reminders that all retail business leaders must ensure that the mobile apps their teams build respect consumer privacy, by stating clear requirements/mandates to their development teams and then verifying through proper testing.
As NowSecure Chief Mobility Officer, Brian Reed brings decades of experience in mobile, apps, security, dev and operations management including NowSecure, Good Technology, BlackBerry, ZeroFOX, BoxTone, MicroFocus and INTERSOLV, working with Fortune 2000 global customers, mobile trailblazers and government agencies. At NowSecure, Reed drives the overall go-to-market strategy, solutions portfolio, marketing programs and industry ecosystem. With more than 25 years building innovative products and transforming businesses, Reed has a proven track record in early and mid-stage companies across multiple technology markets and regions. As a noted speaker and thought leader, he is a compelling storyteller who brings unique insights and global experience. Reed is a graduate of Duke University.