Do e-commerce companies really provide a secure app experience to end users?

The e-commerce boom in India has pushed market players to bring in new strategies and tactics to rope in as many users as possible. Mobile apps have taken center stage, with customer acquisition campaigns built around them. India's market players are tooled up with advances in SMAC, allowing them to better understand online behavior and make deeper inroads into the market.

But are these 'convenient and safe' mobile apps really secure? According to a report by Weiglant called 'Security Report of Top 50 eCommerce Mobile Apps', companies might need to rethink the security aspect. Weiglant's tests via the automated mobile app vulnerability scanner Appvigil highlighted a huge security lacuna, and the company shared that nearly 80% of all Android apps are vulnerable and can be hacked into. Appvigil scanned the mobile apps of major e-commerce players in India to see how they fare in security and found some startling results that should be a wake-up call for companies to provide a secure shopping experience to users.

According to the report, in 2013, only 10% of the mobile users used smartphones, and only 5% of the e-commerce transactions were made through a mobile device. This figure has more than doubled, and more than 13% of all e-commerce transactions today happen via mobile. According to some industry players, over 50% of the orders are being placed through mobile apps, which is not only leading to substantial customer acquisition but also building customer loyalty for various brands.

The total value of transactions on mobile phones in India jumped by 383% to $5.8 billion (Rs. 36,000 crore) between 2013 and 2014, and it will only grow. That alone is reason enough for stringent security measures for mobile apps to be adopted.

"In such a scenario, when market players are transforming from mobile first to mobile only and the users eventually getting comfortable with online payments, recent hacks of Zomato, Ola Cabs, Gaana, Foodpanda have raised an alarm. What’s more shocking is that even the basic security practices haven’t been set up and security alerts from the hackers, experts, have fallen on deaf ears. This has threatened the privacy of 100 million+ users and will surely deter more users from adopting the online platform, affecting the reputation of the companies in the longer run," says the report.

Apps were tested for vulnerabilities of several types and a range of severities, including Internet spoofing, SQL injection, hardcoded passwords and XML Decoder usage. It was found that online shopping and digital goods e-commerce platforms were most vulnerable, followed by cab booking and food ordering mobile apps.

While the pressing need for companies to secure their customer-facing mobile apps is obvious, they also need to look inwards and ensure enterprise apps are equally waterproof. A survey found that 79% of companies reported a mobile data breach. With the cost of data loss ranging from less than $10,000 to over $500,000 per incident, mobile security within enterprises needs to be taken seriously. Security firm Symantec shares the top risks of enterprise mobility. These include a heterogeneous environment: since information workers use various devices, which may or may not be owned by the company, managing security across the motley collection is a huge challenge. Hyper-connected mobile devices often access unsecured networks, such as WiFi hotspots, and risk exposing corporate data.

Theft of a device is theft of data too. Multi-factor authentication and device wipe are effective countermeasures against it. Unmanaged file sharing or unapproved apps accessing data can cause data leaks, which is a loose end companies need to tie up. Symantec also finds that the Bring Your Own App trend is introducing risky apps into the ecosystem, bringing malware and other unwanted threats into the enterprise.

Updated Date: Sep 05, 2015 10:52:26 IST