The traditional retail sector has suffered tremendously due to the COVID-19 pandemic. In the United States, few physical retail stores were able to open in March, April and May. As many states loosened their stay-at-home orders, locations have been able to reopen, but with the number of infections continuing to rise in most of the country, many consumers are still reluctant to return. And for retailers, it’s a totally different experience, with state and local governments limiting the number of customers allowed inside and new requirements for sanitation and cleaning. Shoppers are increasingly going to the Internet for their shopping needs, whether it’s to order for delivery or to set up curbside pickup.
As a result, every retailer must have a digital business model of some sort to survive, and increasingly that means having a mobile app. After all, in the U.S. consumers spend 58% more time consuming media on their smartphones than they do on desktops and laptops. During the pandemic — and likely long after — retail businesses need a mobile presence; it’s arguably even more important than having a physical store.
This new reality for retailers presents some new challenges. First, organizations need to find ways to stand out in an already crowded mobile market for retail. This means that retailers will need to develop apps and release new features at a faster pace to keep up with competition. Additionally, a flood of new users who previously only used mobile apps casually are now relying on them for day-to-day shopping. They’re more likely to fall for scams and grant permissions to apps when they request them, which makes them vulnerable to malware such as trojans. Finally, increased usage of existing apps will magnify flaws and vulnerabilities, as Zoom famously discovered when millions of new users suddenly started using its conferencing app on a daily basis.
The takeaway from these challenges? Retailers need to develop apps quicker than before, but it’s also more important than ever that these apps be secure. Unfortunately, recent history shows us that security will likely take a back seat to features and functionality, especially with all the new urgency to deliver quickly.
According to the Verizon Mobile Security Index 2020, 43% of app developers said they had cut corners on security to “get the job done,” and that was before the pandemic hit. Manually coding security into apps is expensive and time-consuming, which makes it difficult to deliver apps on time and within budget. And that assumes that development teams can hire and retain iOS and Android security experts, both of which are in very short supply.
Some might object that all this concern over security is unnecessary. After all, consumers choose the apps they use based on ease of use, functionality and the overall app experience. Security doesn’t usually factor in at all. Plus, many would say that cybercriminals have historically not paid much attention to mobile apps.
That’s no longer the case. Cybercriminals clearly recognize that apps are vulnerable and that they are a rich source of sensitive data. According to the Check Point Cyber Security Report 2020, mobile malware grew 50% last year, a development that caused the report’s authors to write: “2019 proved the mobile threat landscape is now fully matured. More malware types are being migrated to the mobile arena and more vulnerabilities in mobile devices, apps and operating systems are being exploited in the wild.”
And though poor app security won’t necessarily hurt adoption when an app is new, once cybercriminals mount a successful attack, companies will not only see serious damage to their brand, but they may also face legal action.
To protect their apps, retailers must make sure they have the following security protections, at minimum:
- Shield apps from tampering, reverse engineering and repackaging to prevent them from being transformed into trojans or even just badly functioning apps aimed at hurting their reputation
- Encrypt all valuable account information, both in transit and at rest on the device
- Obfuscate their code base to prevent hackers from analyzing the binary for vulnerabilities
Thankfully, retailers don’t need to manually code security into their apps. Software development kits (SDKs) can be incorporated into apps to secure them, and no-code platforms can embed security into a binary in just a matter of minutes. With mobile apps rapidly becoming a foundation for any retail business, there’s no longer any excuse for distributing insecure apps.
Tom Tovar is CEO and co-creator of Appdome, the mobile industry’s first no-code mobile solutions platform. Prior to Appdome, he served as executive chairman of Badgeville, an enterprise engagement platform acquired by CallidusCloud; CEO of Nominum, a DNS security and services provider that was acquired by Akamai; and Chief Compliance Officer and VP of Corporate Development and Legal Affairs at Netscreen Technologies. He began his career as a corporate and securities attorney with Cooley Godward LLP. Tovar holds a JD from Stanford Law School and a BBA in finance and accounting from the University of Houston.