E-commerce mobile applications are central to global financial transactions, making their security and privacy crucial. In this study, we analyze 92 top-grossing Android e-commerce apps (58 U.S.-based and 34 international) using MobSF, AndroBugs, and RiskInDroid. Our analysis shows widespread SSL and certificate weaknesses, with approximately \(92\%\) using unsecured HTTP connections and an average MobSF security score of 40.92/100. Over-privileged permissions were identified in 77 apps. While U.S. apps exhibited fewer manifest, code, and certificate vulnerabilities, both groups showed similar network-related issues. We advocate for the adoption of stronger, standardized, and user-focused security practices across regions.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Security and Privacy Assessment of U.S. and Non-U.S. Android E-Commerce Applications

  • Urvashi Kishnani,
  • Sanchari Das

摘要

E-commerce mobile applications are central to global financial transactions, making their security and privacy crucial. In this study, we analyze 92 top-grossing Android e-commerce apps (58 U.S.-based and 34 international) using MobSF, AndroBugs, and RiskInDroid. Our analysis shows widespread SSL and certificate weaknesses, with approximately \(92\%\) using unsecured HTTP connections and an average MobSF security score of 40.92/100. Over-privileged permissions were identified in 77 apps. While U.S. apps exhibited fewer manifest, code, and certificate vulnerabilities, both groups showed similar network-related issues. We advocate for the adoption of stronger, standardized, and user-focused security practices across regions.