Whether by click, tap, swipe, or scan, apps now offer a variety of beneficial services that can enhance consumers’ shopping experience. These services help consumers compare prices in-store, load the latest deals, and make purchases – all from the convenience of their phone. To better understand the consumer protection implications of this ever-changing environment, FTC staff recently issued a report, What’s the Deal? An FTC Study on Mobile Shopping Apps, examining 121 popular apps that allowed consumers to shop till they drop.
This report isn't the FTC staff’s first time to market though. In 2012, we sponsored Paper, Plastic… or Mobile? An FTC Workshop on Mobile Payments, to consider the consumer protection issues surrounding mobile payment services. We followed up with a report, which outlined key recommendations.
In What’s the Deal?, we examined the pre-download disclosures of in-store payment apps to determine how they dealt with payment-related disputes. Additionally, because shopping apps can allow multiple parties to gather and consolidate personal and purchase data, we looked for information explaining how the apps handled consumer data.
Based on what we learned, we’ve made a few recommendations to those offering mobile shopping app services:
- First, when offering mobile payment services, companies should disclose consumers’ rights and liability limits for unauthorized, fraudulent, or erroneous transactions. Consumers should be able to know what their potential liability is for unauthorized transactions, what (if any) protections are available based on the method of payment, and whether procedures are available for resolving disputes, before committing to use one of these services.
- Second, companies should clearly describe how they collect, use, and share consumer data. While almost all of the apps that staff reviewed had privacy policies, these policies often used vague terms reserving broad rights to collect, use, and share consumer data. More detailed explanations would help consumers evaluate and compare the data practices of different services so they can make informed decisions about the apps they install.
- Third, companies should ensure that their strong data security promises translate into strong data security practices. Staff encourages all app developers (and indeed all companies in this ecosystem) to provide strong protections for the data they collect. And, certainly, companies must honor any commitments they make about the security they provide.