• by Ray Schultz , Columnist, January 6, 2020

Ever wonder how so many email addresses get leaked?

Don’t blame email lists: the biggest identity sieve may be apps, according to a new report by NowSecure.

NowSecure, a provider of app protection tools, reviewed 250 Android apps downloaded from the Google PlayStore. It found that 70% leak personally identifiable information (PII), including email address, name, phone number and geolocation. In addition, they leak device IDs and device serial numbers.

The offenders include 92% of online retail apps, 82% of retail apps, 69% of insurance apps, 67% of travel apps and 48% of finance/insurance apps. Only 8% of online retail apps were not at risk of exposing PII, the study notes. 

Yet millions of people operate under the false assumption that their apps are secure. And, of course, this notion makes them vulnerable to phishing attacks. 

Consumers should “carefully consider halting use of apps that don’t safeguard their privacy while lobbying app makers to fix them,” the study says. That means they need clear privacy statements from app makers. 

At the same time, brands should “respect consumer privacy demands by ensuring their developers follow business practices for building secure mobile apps and close any privacy gaps that are found,” it adds.

The study notes that 60 million Americans have suffered fraud or identity theft due to a personal information breach.