A large number of retail apps are hiding serious security flaws

News
By published

At least many are being fixed quickly

Retail app
(Image credit: Pexels)

A concerning number of apps in the retail and hospitality sectors have at least one security flaw, according to new research from security firm Veracode.

Analysing over 130,000 applications, Veracode found that 76% in the retail and hospitality sectors had at least one security flaw, which was a similar figure to that found in other industries, including financial services, technology, and healthcare. More worryingly, 26% of the applications were found to contain high-severity issues, the second-highest proportion out of the six industry sectors analyzed.

Many retail apps tend to be larger and older than in other sectors, which can make them easy targets for security researchers, or cyberattackers, hunting down vulnerabilities. In particular, Veracode found that this sector struggled with encapsulation, SQL injection, and credential management flaws.

Finding a fast fix

However the report also found that the retail and hospitality sectors came second out of all the industries analyzed for flaw remediation. 

Half of the security issues identified were fixed in 125 days, almost a month faster than the next-quickest sector.

“Retail and hospitality companies face the dual pressure of being high-value targets for attackers while also requiring software that allows them to be highly responsive to customers and compliant with industry regulations such as PCI,” said Chris Eng, Chief Research Officer at Veracode. 

“Developers in the retail and hospitality sector appear to do a better job than others when dealing with issues related to information leakage and input validation. Using API-driven scanning and software composition analysis to scan for flaws in open source components offer the most opportunity for improvement for development teams in the retail sector.”

With coronavirus restrictions still in place for many countries, ecommerce is thriving, although the hospitality sector continues to struggle. The possibility of cyberattacks is another issue that they must continue to safeguard against, even though customer numbers remain low.

Barclay Ballard
Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 

Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Businessman holding a magnifier and searching for a hacker within a business team.
Cloud streaming hoster StreamElements confirms data breach following attack
Latest in News
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa Devices, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
Nintendo Virtual Game Card
Nintendo reveals the new Virtual Game Card feature, an easier way to manage your digital Switch games
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
More about security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.

Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Isometric demonstrating multi-factor authentication using a mobile device.

NCSC gets influencers to sing the praises of 2FA
Amazon Big Spring Sale 2025 tech deals

I'm an Amazon shopping expert – here are the best tech deals I recommend in its Big Spring Sale
See more latest
Most Popular
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa Devices, and it's about time
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
The cast of Black Mirror season 7
Everything new on Netflix in April 2025 – including Black Mirror season 7 and Love on the Spectrum
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Businessman holding a magnifier and searching for a hacker within a business team.
Cloud streaming hoster StreamElements confirms data breach following attack
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Nintendo Virtual Game Card
Nintendo reveals the new Virtual Game Card feature, an easier way to manage your digital Switch games
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
A digital representation of blockchain.
Malicious npm packages use devious backdoors to target users