Secure Retail Mobile Apps for the Holiday Shopping Season

Retailers generate a significant amount of revenue during the holiday season, with a major portion of those sales coming directly from mobile and digital channels. Instead of dealing with crowded stores and traffic, many customers prefer browsing for gifts, making purchases and discovering new deals through their mobile apps. Unsurprisingly, 76% of consumers find shopping apps more convenient than websites.

The uptick in retail mobile app usage around the holidays has an unfortunate downside — cyber attackers aim to exploit mobile app security and privacy vulnerabilities to capitalize on the high volume of digital traffic. This becomes even more worrisome considering that 66% of popular retail mobile apps have privacy risks, 45% have high-risk vulnerabilities and 41% leak personal information.

Current economic conditions have many financial analysts lowering sales expectations for the holiday season. Retail businesses cannot afford to face the financial risk and reputational harm that comes from a mobile app breach or data privacy violation. With Black Friday and Cyber Monday approaching, retailers should take extra steps to secure and protect their mobile apps to ensure business success and customer satisfaction during the upcoming holidays.

It Only Takes One Incident

Many major retailers have experienced the negative consequences of having mobile app security and privacy issues:


  • Earlier this year, Canadian coffee company Tim Hortons faced a major brand crisis when government authorities discovered the company secretly tracked users without their consent.
  • In 2021, ParkMobile experienced a mobile app breach that exposed the personal information of more than 21 million users.
  • In 2018, the market value of Under Armour dropped 3.8% after a MyFitnessPal mobile app vulnerability allowed threat actors to steal personal information from more than 150 million customers.
  • British Airways also dropped in value in 2018 after a mobile app security breach leaked 380,000 credit card payments and personal information.

A single mobile app security or privacy incident can immediately damage the success and brand reputation of any company. With mobile app activity exceeding desktop activity, retail businesses must go above and beyond to mitigate risk and safeguard user trust.

How to Better Secure Mobile Apps

Securing retail mobile apps requires year-round attention, but companies that have security and privacy weaknesses in their mobile apps still have time to prepare for the holiday shopping season. Retailers should consider the following security and privacy best practices to safeguard mobile app data.

  • Outsource Penetration Tests to Industry Experts: Manual mobile penetration tests conducted by professional security experts help development teams identify security and privacy issues within mobile apps. As part of a pen test, security analysts create a detailed report identifying the security and privacy issues in the app, the level of severity, likelihood of exploitation and business impact. NowSecure analysts meet with clients to provide remediation guidance and provide retesting to verify fixes. This can help retail mobile app developers remediate issues before the holiday rush while also learning how to avoid them in the future.
  • Tap Automated Security Testing: While mobile pen tests provide the highest level of testing coverage and depth, they typically take two weeks to complete. To achieve peace of mind and reduce risk in time for the holidays, retail leaders can take a hybrid approach: automated mobile application security testing as they build and update their mobile apps, combined with periodic outsourced pen testing or guided testing by a security expert.
  • Upskill Developers on Secure Coding: Retail businesses hire talented developers to build high-quality mobile apps, but even the most experienced devs may have security skills gaps. Retail leaders should encourage devs to learn secure coding techniques from free online courseware to improve the security of the apps they build. Before the shopping season begins, devs can apply their security knowledge to review retail mobile apps to ensure they meet core security requirements.

With economic uncertainty lingering, retailers certainly can’t afford the business risks stemming from insecure mobile apps. Their security and development teams should take the necessary steps to secure their mobile apps, protect their customers and avoid the consequences of a security breach.

Retail leaders can learn more about the security of mobile apps across all industries by visiting the NowSecure Mobile Risk Tracker page.

As NowSecure Chief Mobility Officer, Brian C. Reed brings decades of experience in mobile, apps, security, dev and operations management, including NowSecure, Good Technology, BlackBerry, ZeroFOX, BoxTone, MicroFocus and INTERSOLV, working with Fortune 2000 global customers, mobile trailblazers and government agencies. At NowSecure, Reed drives the overall go-to-market strategy, solutions portfolio, marketing programs and industry ecosystem. With more than 25 years building innovative products and transforming businesses, Reed has a proven track record in early- and mid-stage companies across multiple technology markets and regions. He is a graduate of Duke University.
