My Thoughts on Technology and Jamaica: Twitter’s one-click Buy Button – How One-Click E-Commerce is Twitter’s Great Smurfberry Scam Confessions of a Shopaholic

Monday, August 25, 2014

Twitter’s one-click Buy Button – How One-Click E-Commerce is Twitter’s Great Smurfberry Scam Confessions of a Shopaholic

Looks like Twitter is jealous of Facebook “Buy” Button and wants to get in on the e-commerce action.

Reports are now surfacing that suggests that Twitter has plans for a one-click buy Button of their own as stated in “Twitter will reportedly roll out 'buy' Button later this year”, published August 22, 2014 2:46 PM PDT by Donna Tam, CNET News and “Twitter likely to introduce ‘buy’ Button later this year after partnering with Stripe”, published August 25, 2014 By Trevor Mogg, DigitalTrends.

This look like a sure thing, as two months prior on e-commerce website Fancy, Twitter’s “Buy” Button was spotted in the wild as noted in “Twitter 'Buy now' Button pops up on mobile”, published June 30, 2014 6:10 PM PDT, by Donna Tam, CNET News.. If Twitter is serious about this, they’ll basically be going after what appears to be the hottest new trend in e-commerce; impulsive one-click buying.

The prime example of this trend of course being the Buy Button now popping up on Facebook for smartphones as detailed in my blog article entitled Facebook kills Gifts and presses Buy Button - How Facebook One-Click Purchases will start an Apple-esque Smurfberries-style Scandal”. 

Other e-commerce websites are also following suite are Polyvore and most notably Amazon, which allows you to place orders into your Amazon Shopping cart by replying to an Amazon Tweet of a product link with the #AmazonCart. There even a startup named Chirpfy that started in October 2013 that allows you to buy items that you've spotted on Instagram as described in the article “Chirpify lets you buy stuff on Instagram”, published October 23, 2012 12:45 AM PDT by Donna Tam, CNET News.

Social Media Shopping appears to be taking advantage of the impulsive buying habits of Credit-Card toting Americans who often desire to purchase what they see posted on Social Media but have no way to remember what they saw, short of saving the picture and doing an image search using Google Image. 

But is there a smurfberry-esque Scandal similar to what happened to Apple as described in as noted in “Apple to refund at least $32.5M for kids' in-App purchases”, published January 15, 2014 9:24 AM PST by Lance Whitney, CNET News laying in wait for Twitter and pals also?

Twitter’s one-click Buy Button – Confessions of a Shopaholic for smartphones users

This is especially true if the item popped up in their Social Media feeds, be it Twitter, Facebook, Pinterest or other platforms and they weren’t tech savvy enough to tweet, post or pin it to their wall for reference later.

The “Buy” Button on Twitter would allow the impulsive shopaholic in us all to take advantage of this unscratchable itch to engage in impulsive shopping that's really a lot easier on a Tablet as described in my Geezam blog article entitled “Amazon is Legally Blonde as the Kindle Fire HD Upgrade is CEO Bezos’s Confessions of an Online Shopaholic”. 

Clearly this one-click Credit Card purchase options is going to cause problems of smurfberry-like proportions. If Twitter ends up doing this as well, they'll be a part of this trend as merchants try to get Americans into a spending mood before Black Friday and Christmas.

However, in capturing the Credit Card Data of the buyer in order to enable one-click shopping or ordering as in the case of Amazon, care has to be taken to either prompt the shopper to re-enter their password every time to authorize the purchase or use their fingerprint.

Amazon has neatly solved this problem by just making a smartphone, the US$199 Amazon Fire smartphone as explained in my blog article entitled US$199 Amazon Fire smartphone is Amazon Prime member's Nirvana – Shopping by Nodding your Head and Finding Waldo” designed specifically for shopping that makes it as simple as taking a photo of the item you wish to purchase.

This shouldn't be a difficult with the Apple iPhone 5S or the Samsung Galaxy Alpha as described in my blog article entitled Samsung Galaxy Alpha with Metallic Band - Last of the 5” smartphones with decreased Battery Life as the Luddite Camp gets Larger”.

But that’s only gonna protect you if your smartphone gets stolen. What if the thief is already a trusted member of your App family and already inside of your smartphone?

One-Click E-Commerce Enemy - Rogue Apps with keylogging capability a Jamaican Scammers Dream

But there's another threat that can disrupt these one-click e-commerce implementations; Apps on the customer's smartphone that steal information from other Apps as stated in “Sneak Attack: Android Apps Can Spy on Each Other”, published 21.08.2014 by NBCNews.

This discovery was based on the research of Qian and Qi Alfred Chen and Z. Morley Mao of the University of Michigan who had presented their findings at the USENIX Security Symposium in San Diego on Friday August 22nd 2014. For those who love reading long Research papers like I do, here's the link to their paper entitled “Peeking into Your App Without Actually Seeing It: UI State Inference and Novel Android Attacks”.

Then again, it shouldn’t be a surprise to anyone as there are actually Apps that can be used to deliberately spy on you, as can be seen in the video below.

In fact, by logic, if any App can access the various functions in your smartphone then it stands to reason that these Apps can also access data stored in the Smartphone’ memory by other Apps, even accessing the Cloud Storage platforms used by those Apps to store confidential data such as your Credit Card information.

This is possible because all Apps re allocated sections of the shared memory space in your smartphones or Tablet's memory. Thus, albeit they're assigned separate areas or memory within which to work, such Rogue Apps can in fact spy on each other and read Data from each other’s memory areas.

Data such as Credit Card information, Login and Passwords can be captured by such rogue Apps which unsuspecting Americans may have installed on their smartphones or Tablets.

These Rogue Apps were the result of legitimate purchases and were purchased from the Apple iTunes Store or even the Google Play Store. Good to note here that their research points to this vulnerability mainly targeting smartphones running Google Android and thus mainly purchasing Apps from the Google Play Store.

Sticky Finger Rogue Apps – Luddite Camp grows as Twitter’s Great Smurfberry Scam unfolds

This revelation is certain makes one-click e-commerce implementations think twice and double down on security or at least for Apple and Google to do a more thorough search of their App Stores to root out Rogue Apps that have sticky fingers.

But until a definitive way is found to prevent such Apps from stealing Data as if they were keyloggers as described in my blog article entitledProfessor Marco Gercke warns of Scammers using Keyloggers for Spear Phishing - How to use Keyloggers and how to Protect yourself from Scammer's American Hustle for Fast Cash”, this is going to become a big problem.

Even more interesting for me personally, the hill in the middle of the Luddite Camp that I'm sitting on looks to be slowly taking on more refugees! People in Jamaica, via these articles, are starting to see why I'm not so gung-ho about smartphones that have that much info stored about me as stated in my blog article entitledThe Reason why I don't like Smartphones - Location Privacy and How to disable Location Services on Android and iOS”.

It's not just the fact that these smartphones can give away your location, but they can also give away your password, login and your Credit Card information to unscrupulous criminals via Rogue Apps that read Data from other legitimate Apps, including Twitter and Facebook!

In short, Twitter, Facebook and all these One-Click E-Commerce wannabees have to develope a way to encrypt logins and passwords in memory. Otherwise we may be witness to the Great Smurfberry Scam in the history of the US of A since the Great Train Robbery.

Rogue Apps with keylogging capability may be a Jamaican Scammers Dream that everyone will wanna get in on as similarly described in my blog article entitledHow Scammers and Hackers are on the Rebound Laundering Money - Minister of National Security Peter Bunting misguided on Scammers”.

No comments: