A self-proclaimed app fanatic is warning about the security of mobile applications.
Calgarian Chermaen Lindberg said she got an email from PC Optimum advising her of a change in her household account.
“I opened up my app and looked,” Lindberg said, “and my whole 200,000 points is all gone!”
Her rewards points balance was pretty much wiped out by two strangers who, unbeknownst to her, had fraudulently joined her family profile.
“I had been saving up my points for our year-end redemption,” Lindberg said.
Shortly after, Lindberg also received an alert from McDonald’s. She had signed up for the app because of the convenience of being able to order and pay online.
It turned out that someone else liked the convenience as well.
“Someone charged $35 at McDonald’s in Ontario. I was like, ‘I’m in Calgary — not Ontario!'”
Mount Royal University computer science professor Charles Hepler told Global News the security of apps is a “mixed bag,” largely due to certain sites being more secure than others.
“If you’re downloading apps from a third party, someone other than the Play Store or the Apple Store, you’re running someone else’s code,” he said. “You don’t know what it does on your phone and it can do anything.”
Hepler said phones, in general, are less secure than a website on a computer.
“When you’re logging in on the web, you are running everything inside of the browser,” he said.
“So for someone to get access to data on your computer, they have to know what computer you’re using and they also have to know the browser that you’re using. Then they have to break out of the browser and then break into the computer.”
If you install an app on your phone, the program is there and so is the potential for a hack, making it easier for data to be accessed on your device.
Lindberg’s attempts to get her points back didn’t go as smoothly as she had expected. But eventually, Loblaw did refund her PC Optimum balance.
Company officials told Global News: “We have strong security measures in place across our digital platforms and take any sign of unusual activity very seriously. Recently, we have heard from an extremely small subset of our more than 18 million members with concerns about stolen points. In those cases, we halt their accounts and ask them to reset their passwords.”
Lindberg’s McDonald’s charge was also refunded — almost instantaneously.
“Every day, thousands of Canadians order and pay with My McD’s app. While we are aware that some isolated incidents involving unauthorized transactions have occurred, we remain confident in the security of our app,” McDonald’s said in a statement.
Both companies reiterated it’s also important for consumers to be diligent online by not sharing their passwords with others, creating unique ones and changing them frequently.
Lindberg said she has become more security conscious and hopes businesses will too, using stringent requirements to protect consumers.
“Apps are easy and convenient,” she said. “But it’s also easy to get hacked and get everything stolen from you.”
Comments