{"ID":2855462,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2510.12031","arxiv_id":"2510.12031","title":"Security and Privacy Assessment of U.S. and Non-U.S. Android E-Commerce Applications","abstract":"E-commerce mobile applications are central to global financial transactions, making their security and privacy crucial. In this study, we analyze 92 top-grossing Android e-commerce apps (58 U.S.-based and 34 international) using MobSF, AndroBugs, and RiskInDroid. Our analysis shows widespread SSL and certificate weaknesses, with approximately 92% using unsecured HTTP connections and an average MobSF security score of 40.92/100. Over-privileged permissions were identified in 77 apps. While U.S. apps exhibited fewer manifest, code, and certificate vulnerabilities, both groups showed similar network-related issues. We advocate for the adoption of stronger, standardized, and user-focused security practices across regions.","short_abstract":"E-commerce mobile applications are central to global financial transactions, making their security and privacy crucial. In this study, we analyze 92 top-grossing Android e-commerce apps (58 U.S.-based and 34 international) using MobSF, AndroBugs, and RiskInDroid. Our analysis shows widespread SSL and certificate weakne...","url_abs":"https://arxiv.org/abs/2510.12031","url_pdf":"https://arxiv.org/pdf/2510.12031v1","authors":"[\"Urvashi Kishnani\",\"Sanchari Das\"]","published":"2025-10-14T00:30:57Z","proceeding":"cs.CR","tasks":"[\"cs.CR\"]","methods":"[]","has_code":false}