A Calgary resident’s app woes have highlighted the insecurity of mobile applications.
According to a new report from Global News, Calgarian Chermaen Lindberg had her PC Optimim points wiped out by bad actors who had managed to add themselves to her account at family members.
Linberg also received a fraudulent charge on her McDonald’s app for $35, which she was not responsible for.
Mount Royal University computer science professor Charles Hepler calls the security of apps is a “mixed bag” largely due to some sites being more (or less) secure than others.
“If you’re downloading apps from a third party, someone other than the Play Store or the Apple Store, you’re running someone else’s code,” he said. “You don’t know what it does on your phone and it can do anything.”
According to Helper, visiting websites on a smartphone is generally less secure than visiting a website on a computer.
“When you’re logging in on the web, you are running everything inside of the browser,” he said. “So for someone to get access to data on your computer, they have to know what computer you’re using and they also have to know the browser that you’re using. Then they have to break out of the browser and then break into the computer.”
While it took some effort, Linberg’s PC Optimum points were eventually refunded by Loblaws.
“We have strong security measures in place across our digital platforms and take any sign of unusual activity very seriously,” Lowblaws representatives told Global News. “Recently, we have heard from an extremely small subset of our more than 18 million members with concerns about stolen points. In those cases, we halt their accounts and ask them to reset their passwords.”
Lindberg’s McDonald’s charge was quickly refunded. Others earlier this year were also affected by the McDonald’s mobile app and unauthorized charges.
“Every day, thousands of Canadians order and pay with My McD’s app,” the fast-food company said in a statement. “While we are aware that some isolated incidents involving unauthorized transactions have occurred, we remain confident in the security of our app.”