ARTIFICIAL INTELLIGENCE IN RETAIL: BENEFITS AND RISKS ASSOCIATED WITH MOBILE SHOPPING APPLICATIONS

The objective of the study is to examine the practical implications of using artificial intelligence (AI) based solutions in the case of retail mobile applications, to enhance the online shopping experience and improve the engagement by also having in mind the privacy of the users. We examined 117 shopping applications available in the Google Play market and investigated the permissions required for each application and the categories of personal data collected from the users. Based on the information gathered, we provided practical methods to integrate artificial intelligence-based solutions to offer a new set of services, partially unavailable in physical stores. Some of the permissions identified, if exploited by malicious users, can affect individuals’ privacy. The fact that artificial intelligence is a fast-developing technology constitutes the main challenge in the effort of creating proper regulations. This research provides practical directions regarding the benefits of integrating artificial intelligence solutions in retail mobile applications in an ethical manner, protecting the users’ privacy


Introduction
The pandemic changed the consumers' habits, especially in the case of non-essential goods, where the sales volume decreased significantly in the second and third quarter of 2020. Since social distancing continued to represent the leading solution to reduce the exposure of the individuals to the virus, many consumers started using online shopping to the detriment of physical stores (Barnes, 2020;Nguyen et al., 2020). In this context of significant quick changes, retailers' attention is moving to e-commerce in an attempt to respond to the new needs of the individuals. The online shopping has received a significant level of attention during the last years and researchers highlighted that the key aspects important to the consumers are represented by the ease of use, the design of the website or application, and the trust regarding the usage of the personal data collected (Ha and Stoel, 2009;Lian and Yen, 2014;Al-Debei, Akroush and Ashouri, 2015;Natarajan, Balasubramanian and Kasilingam, 2017).
The adoption of artificial intelligence (AI) based solutions in retail and wholesale is rapidly transforming the industry by enhancing the entire process since this domain generates a vast amount of data that can be leveraged using this data-driven technology. Over the years, different studies have investigated the practical ways in which AI-based solutions are being used in retail and wholesale. However, less attention has been paid on leveraging mobile applications to provide a better experience than the one in-store, using AI, especially in this current context where customers tend to avoid unnecessary social interactions. Mobile shopping applications, compared with online shopping by using different browsers, provide more leverage to the companies to increase the engagement (Ho and Chung, 2020;Li, Zhao and Pu, 2020) and facilitate the use of various AI features that can be embedded in the applications.
Theoretically, there is no limit for AI to expand and facilitate enhancements in any industry, so the boundaries should be set by ethical guidelines and principles (Kreutzer and Sirrenberg, 2020) to create a technology that works in favour of the individual and the collective well-being.
The purpose of the current study is to investigate practical implications regarding the use of mobile shopping applications along with AI-based solutions to improve engagement, enhance the online shopping experience, and encourage impulse buying, also focusing on privacy, legal, and ethical implications. A series of mobile shopping applications available in the Google Play market has been examined to achieve the research's objective. This approach is used to determine the main permissions required, which of those permissions can be leverage by using AI, the security implications, and how the personal data collected is used to train machine learning algorithms to better respond to the needs of the users. The current research aims to provide support for retail companies to adopt more AI-based solutions that can be integrated into mobile shopping applications, to increase the business objective ethically. This paper is structured in four parts. The first part presents the relevant literature review for this research, focusing on current AI solutions used in retail, legal aspects, and ethical challenges. The second part details the methodology used to conduct the research, mentioning the purpose and objectives. The third part reflects the study's results, which present the main permissions of mobile applications that can be exploited by AI solutions, the types of data collected by companies that offer the mobile applications, along with the main challenges regarding privacy. The last part presents the conclusions, the limits of the present study, and the future research directions.

Literature review
Researchers tend to have different approaches when presenting the distinct fields of AI (Buhalis, et al., 2019;Dignum, 2019;Chowdhary, 2020;Girasa, 2020;Kreutzer and Sirrenberg, 2020). While in some studies the types of AI are categorised based on the ITrelated functionalities, others are using a taxonomy based on the evolution in time, the principal sub-fields of applications being: natural language processing, natural image processing, expert systems, and robotics. In terms of the capabilities and evolution, researchers classify AI as Weak Artificial Intelligence (or Artificial Narrow Intelligence), Artificial General Intelligence, and Strong Artificial Intelligence. Another classification of AI was given by Hintze (2016), which considers that there are four main categories of AI: reactive, limited memory, theory of the mind, and self-aware.
Machine learning (ML), one of the most known and used AI techniques in the retail field, is part of the robotic sub-field and the narrow AI, having different types of implementation: supervised learning (predicts), unsupervised learning (discovers patterns), reinforcement learning (decision-making), and deep learning (multiple neural networks) (LeCun, Bengio and Hinton, 2015;Goodfellow, Bengio and Courville, 2016;Dignum, 2019;Luce, 2019;Kreutzer and Sirrenberg, 2020), all based on algorithms that are processing data, learning, and developing new models to answer the needs of the companies.

AI applications in retail
Retailers all around the globe started to adopt AI solutions to support the development in this sector. Amazon was one of the most active pioneers in automating this domain with the use of AI in different areas of retail, from warehouse robots that can move items and prepare orders to be shipped (Bogue, 2016), drones that will bring the goods to the customers (Singireddy and Daim, 2018), anticipatory shipping (patented in 2011), that should address a significant part of the logistical issues (Spiegel, et al., 2011), to checkoutfree shops (Polacco and Backes, 2018). The next step might be shipping the products to the client, without an initial order, based on the algorithms' predictions and the users' behaviour and, if the product is not desired by the customer, it can be returned (Shankar, 2018).
Chatbots, also called conversational agents, are becoming extremely attractive to companies due to the applicability as this technology promises to improve engagement, facilitate the interaction, and provide a personalised shopping experience. They can use natural language processing, natural image processing, and ML algorithms. A recent study (Rese, Ganster and Baier, 2020), investigating a series of market research surveys, showed that the acceptance rate of chatbots varies between 10% and 50%.
IoT devices, like the Samsung fridge (Gritti, Önen and Molva, 2019), allow people to avoid a series of activities; the fridge is making a list of goods and sends the orders automatically to the grocery shop for the products needed. However, a recent study focused on autonomous shopping (De Bellis and Johar, 2020) identifies four significant psychological barriers regarding the adoption of these systems: reduced control and autonomy, reduced meaningful experience, reduced individuality and identity, and reduced social connectedness.
The increasing adoption of augmented reality (AR) applications brings significant benefits to the retail area by allowing customers to visualise products in a completely new and innovative manner by using magic mirrors, virtual fitting rooms, and different techniques that help clients make the best purchase decision and increase their level of satisfaction (Poushneh and Vasquez-Parraga, 2017).
A major drawback for retailers to adopt AI-based solutions was the initial adoption costs. Now there are several companies (Slyceimage search for recommendations, Oraclechatbots) that started to provide AIaaS (Artificial Intelligence as a Software), aiming to facilitate the integration of these technologies for the retailers. Therefore, the expectations are that during the next years almost all online stores will use AI to enhance the shopping experience.

Regulating Artificial Intelligence
At the European Union (EU) level, several instruments can be used to regulate the legal impact of the AI applications on individuals and society, both in terms of hard law and soft law. However, the main challenges are derived from the constant expansion and evolution of AI techniques. In this context of fast-developing technologies, the hard law (binding legal instruments and regulations) if applied, might not be sufficient for a medium and long timeframe, while the soft law (agreements, principles, and declarations that are not legally binding) and ethical frameworks, lack an oversight mechanism and create difficulties for programmers to develop AI-based applications.
Since the expansion of AI is touching more and more individuals' personal lives and due to the need for a legal framework, the Council of Europe's Committee of Ministers set up in September 2019 the Ad Hoc Committee on Artificial Intelligence -CAHAI. The objective of CAHAI, established for two years, until 2021, is to examine, through dialogue with stakeholders, "the feasibility and potential elements of a legal framework for the development, design and application of artificial intelligence", so AI applications will respect the compliance with the rule of law. Furthermore, CAHAI should assess whether the current legal instruments are suitable for addressing the present and future challenges brought by the development of AI.
The need for regulating AI arises from the necessity of having personal data processed in a fair, transparent, and accountable manner by avoiding discrimination and creating trust for stakeholders and shareholders. The regulation of AI poses challenges derived from the continuous development of the algorithms. In this respect, the lawmakers and standard setters should be aware that the risk assessment should be carried on a systematic base, using preferably a principle-based approach instead of a rule-based regulation.
The regulation of AI applications impacts the commerce industry that had already embedded in its processes AI solutions. A common issue lately identified in the retail area is price discrimination (PD) that refers to the use of ML algorithms aiming to sell a good or service at the maximum price the consumer is willing to pay. Based on a series of labels that the algorithm assigns to the individuals, based on the past activity and personal data, researchers showed that some categories of consumers are offered a particular good or service at a higher price (Hannak, et al., 2014;Larson, Mattu and Angwin, 2015;Calvano, et al., 2019). As per this, because of the retail companies' clustering algorithms, some individuals are offered a higher price, even though the delivery costs are the same for every potential client. While PD mechanisms might not use complex AI techniques to target specific categories of individuals, the algorithms can instead use a limited series of attributes, like the location; in theory, AI can use unsupervised learning to obtain a finergrained PD (Gautier, Ittoo and Van Cleynenbreugel, 2020). The current anti-discrimination laws might not be sufficient for this scenario of indirect discrimination and regulators have to address this issue by highlighting the need for developers to be more accountable for the algorithms that they design, preventing, in this way, PD.
Retailing represents the perfect environment for the use and growth of AI since it collects a significant amount of information regarding consumers and their behaviour. Because of this, the way in which the algorithms are processing the data has received a lot of research attention by studying how the privacy of individuals is affected and possible technical solutions to mitigate the risks (Els, 2017;Alguliyev, Aliguliyev and Abdullayeva, 2019;Hao, et al., 2019;Mazurek and Małagocka, 2019;Kreutzer and Sirrenberg, 2020;Singh, Rathore and Park, 2020;Thinyane and Sassetti, 2020).

Ethical challenges
AI solutions started to be researched and used since 1950, but the progress became significant in the last two decades, impacting individuals' lives systematically. This incredible progress, however, raised a question: to what point AI can influence humanity? Kreutzer and Sirrenberg (2020) consider that "There aretechnically -(almost) no limits to the possible fields of application of Artificial Intelligence. The limits should therefore be set by ethical standards". In the 2019 Artificial Intelligence Index Report (Perrault, et al., 2019) are presented 12 ethical challenges highlighted by researchers that should be addressed in the development of AI-based solutions. The primary concerns are focused on fairnessusing a dataset that is not discriminatory and does not contain elements that might lead to algorithmic bias, interpretabilitythe degree to which the user can understand the cause of the decision and can predict future results, explicabilitythe active characteristic of the algorithm that brings clarifications regarding the undergoing processes in providing an output, transparencythe level of information provided by an AI-based system, during the decision-making process, accountabilitythe accountability of the stakeholders involved in developing the algorithms regarding the implications generated by using it, and data privacyusers knowing how their personal data is processed in the developing and usage of the AI-based systems.
One primary technical concern is algorithmic bias, which is represented by a series of systematic and repeated errors, that can lead to discrimination due to using inadequate data (incomplete, unrepresentative, or already biased) to develop the algorithms.
In the relevant literature, several examples of algorithmic biases can be found (Bozdag, 2013;Lambrecht and Tucker, 2019;Taati, et al., 2019). However, in some cases, it is uncertain if the bias was created by the inadequate dataset used to train the algorithms or if the algorithms have learned to maximise the chances of achieving the objective. Although not all forms of algorithmic biases are discriminatory, there is an ethical need to address this issue.
Shopping represents a therapeutic activity for individuals (Babin, Darden and Griffin, 1994) and retailers are nowadays focusing on enhancing the customers' experience. However, there is a fine line between shopping therapy and compulsive purchases (Hirschman, 1992), so companies should focus their efforts on supporting a correct shopping behaviour, especially in the context of introducing AI-based solutions that are capturing easier the attention of individuals.
Another critical aspect that is supported by ML algorithms in the retail area is to predict the users' needs and provide anticipatory delivery of the products, not in the warehouse, but directly to the customers, that can return the goods if they are not satisfied with them,; however, this seems to impact the control of the individual over the decisions made to acquire a good. While this is not a trespassing of privacy, it raises concerns regarding the impact that this might have on the individuals' personal lives.

Research methodology
Taking into consideration that smartphones gained a tremendous amount of popularity, have an extremely favourable acceptance rate (Deloitte, 2019), and provide significant support to the retailers, we considered appropriate to explore the relationship between AI solutions and mobile applications, especially now when the customers' behaviour changed as a result of the pandemic, the number of visits to physical stores decreased worldwide, and the online shopping started to be preferred, the smartphones being a significant vector in this switch.
This research aims to identify practical solutions for the use of mobile shopping applications for both essential and non-essential goods, together with solutions based on AI systems, to increase customer engagement, encourage impulse buying, provide a significantly better shopping experience, and analyse potential risks that may affect the confidentiality of data collected from the users. Thus, the general and specific research's objectives we set out were:  O1. Analysing how privacy can be affected by using mobile applications. To achieve this goal, we have refined the research direction through the following specific objectives:  O1.1. Identifying the mobile applications' permissions that may affect the confidentiality of data provided by users.
 O1.2. Examining the privacy policies of the companies that sell products through mobile applications, to determine the main types of information collected, the risks and how the data is protected.
 O2. Identifying how the AI used in mobile shopping applications supports the development of competitive advantage. To achieve this goal, we have refined the research direction through the following specific objectives:  O2.1. Analysing the permissions of mobile applications to determine which of them can be used in conjunction with AI solutions to increase customer engagement.

Artificial Intelligence in Retail: Benefits and Risks Associated With Mobile Shopping Applications
 O2.2. Identifying permissions of mobile applications that can be exploited through the use of AI to encourage impulse buying and provide consumers with a better experience compared to physical store purchases.
The general approach of the research consists of conducting a cross-sectional study; the objective is to capture several perspectives on the data collected from mobile shopping applications, in order to provide practical recommendations to achieve the study's aim. Currently, in the Google Play store, there are over three million applications deployed, from which over 110.000 are included in the shopping category and, by looking at the popularity in terms of numbers of downloads, around 200.000 of them (6.67%) have been downloaded more than 100.000 times.
In this exploratory research, we analysed 117 shopping applications available in Google Play, randomly selected exclusively based on the popularity. The criteria taken into consideration when selecting the application was to have at least 100.000 downloads. Within the selected applications, products from different categories are sold (table no. 1). The data has been collected during July-August 2020. Some of the applications analysed are: Zalando -Shopping & Fashion, iHerb, The Home Depot, Best Buy, The Kroger, Decathlon International, and PetSmart. Since the AI solutions are diverse and have a high degree of complexity, for the selection of the applications included in this study the existence or lack of usage of AI was not taken into account. Although in some cases users can clearly identify the existence of an AI-based program, such as searching for a product by uploading an image, conversational robots, or personalised recommendations, AI is much more complex and even if the user is not informed about the programs used by the company to determine a specific response, this does not indicate that these applications do not use AI. For these reasons, we have not exclusively selected applications whose description and functionality suggested the use of ML algorithms or any other program in the field of AI. From these 117 applications analysed, 15 of them refer to multiple categories of products, including clothes, cosmetics, sports, home improvement, electronics, and many others.
Since it was difficult to allocate these applications to a particular category based on the market share, we considered appropriate to assign them into a distinct category. The data collected from the applications and privacy policies have been analysed from different perspectives based on the research's purpose, for all of the 117 applications included in this present study. By examining the permissions and privacy policies, we used a content analysis to capture all the information put at the disposal of the smartphones' users, as this research method has an adequate level of applicability in the retail area, because it supports the avoidance of biased results and "provides an empirical starting point for generating new research evidence" (Kolbe and Burnett, 1991). We have also used statistical methods for the data collected to test if there is a significant difference between applications, depending on the companies' location.  To achieve the specific objective O1.1., we examined the 63 different types of permissions requested by the applications following their specifics. We then computed the frequency, and classified them into three categories (low, medium, and high), based on the risk of personal or sensitive data collection and exposure, correlated with the technical functionality. The majority of the permissions have a medium and high level of exposure (53.96%), while 29 permissions do not pose any significant threat to personal data.

Results and discussion
To examine whether there is a difference between EU and non-EU countries, in terms of the number of total permissions and the number of medium and high-risk permissions per application, we conducted a one-way ANOVA test (single-factor analysis of variance) (table no. 3), using the Statistical Package for Social Sciences (SPSS). We have also included UK companies in EU countries, due to the fact that they comply with the same personal data protection regulation. The result of the ANOVA analysis is showing that usually, the applications analysed where the company is in the EU have generally fewer permissions than the applications deployed by companies from countries outside the EU. This result might be an effect of the General Data Protection Regulation (GDPR) adopted in all EU states in 2018, that reinforced personal data processing rules. Although states from all over the world have privacy laws, the regulations' effect is more visible in Europe.
The application are making constant efforts to detect any malicious application. However, there has been evidence that the initial screening performed by the specialists was not always successful and led to the deployment of malware applications that had the potential of affecting the users' privacy (Rahman, et al., 2017;Bhat and Dutta, 2019), as the ability of such programs is evolving and manages to bypass the security measures (Wadkar, Di Troia and Stamp, 2020).
The awareness level of the users regarding the risks generated by the usage of mobile applications have been assessed during the last years, and the studies have highlighted that the majority is not concerned with the permissions of the applications that they are installing, or they fail to understand them (Felt, et al., 2012;Ramachandran, et al., 2017;Ngobeni and Mhlongo, 2019).
In terms of the functionality of the applications examined in this paper, we identified four substantial risks that can significantly affect the users' privacy:  Eavesdropping -21% of the sample analysed include this feature (record audio) to facilitate the vocal search, but malicious applications can use this permission to eavesdrop on users. Even though this phenomenon has not been identified at a large scale, it is, however, possible for an application that received this permission to eavesdrop on users (Kröger and Raschke, 2019). Analysing the companies' privacy policies that deployed these applications, we have not identified information regarding the storing methods of audio records or their future use.
 Secretly transferring data -12% of the applications have the permission to connect and disconnect from Wi-Fi and 5% are allowed to change the network connectivity and both of these, in association with another permission, "Full network access" (that is present in all applications requiring an internet connection) can act as a malware, secretly collect, then transmit the user's data. In relation to mobile shopping, these two permissions are used to increase the customers' exposure to the offers and shopping applications.

Artificial Intelligence in Retail: Benefits and Risks Associated With Mobile Shopping Applications
 Install malware without the users' knowledgein 6% of the applications analysed we identified the permission called "Download files without notification" that allows the applications to download and install programs without the knowledge of the user, even malware programs that can then be used to spy on the activity and then leak private data. Online shopping applications will use this permission to download mandatory updates without first notifying the users, avoiding, in this way, scenarios in which they might access a non-functional application.
 Gather unprovided data without the users' knowledge -a permission called "Read sensitive log data" has been identified in five cases. This allows the application to read the data provided and stored by the other applications installed and might access personal data of the user. This feature can be used to collect more information regarding the consumers and give a better personalised shopping experience, but if the data has not been provided with the users' knowledge, this practice raises some ethical questions.
Through this analysis of medium and high-risk permissions in terms of the ability to affect privacy, we achieved the specific objective O1.1. of the research.
The specific objective O1.2. imposed the retailers' privacy policies that deployed these applications. For this purpose, we identified the main types of personal data collected: full name, profile picture, delivery address, phone number, email address, credit/debit card information, passport ID, and drivers' license number. Besides these categories of data, other types of information were collected, such as location, postal code, gender, age, date of birth, hobbies, buying preferences, estimated income, shopping patterns and behaviours, the reason for purchasing a particular product, and in one case we identified that the company was storing information about the customers' education level. All these details are needed by the retailers to address the users' needs better, but they should protect personal privacy by using the best current available solutions to avoid data leakages. The majority of the companies specified in the privacy policy that they are using encryption methods to protect the data of the users transmitted via the internet, usually Secure Sockets Layer (SSL), an encryption-based Internet security protocol, but researchers have highlighted that this technology has a series of vulnerabilities, that might affect the accuracy of the data transmitted (Ramírez-López, et al., 2019;Tang, et al., 2019). Only in a limited number of cases details about how the data stored is protected were provided.
A recent experiment carried out by a well-known cybersecurity expert, Bob Diachenko, showed that unprotected databases are usually attacked 18 times per day and during the first eight hours after deploying the database, 175 attacks have been performed by hackers (Bischoff, 2020).
There are several techniques that companies can use to protect the privacy of the users, such as leveraging AI, to identify earlier data breaches and sending red flags to respond faster to a possible attack. Also, developers can train ML algorithms to categorise data based on the level of confidentiality to use the proper encryption techniques, testing and identifying potential risk areas and automatically apply patches. Since the majority of mobile applications analysed collect information about the credit/debit cards used by the customers to make payments, AI-based solutions can be used to detect any fraudulent activity based on the previous behaviour and preferences of the users.
In two cases, we identified that the retailers were collecting data about the users' income, and in one situation, information about the education level was stored. Although it might seem harmless, this kind of data can encourage algorithms to provide a biased outcome that might result in PD. Moreover, in some of the privacy policies was mentioned that the company would store any data that the user provides, an aspect that raises concerns regarding the way the information is being processed and the output provided. Wiener highlighted in 1960 that "we had better be quite sure that the purpose put into the machine is the purpose which we really desire". Although this quote is more than 60 years old, it has a pearl of significant wisdom for the current status of automation, where narrow intelligence algorithms are using all the data provided and generate an outcome based on that, so developers should act with diligence and avoid any inappropriate data processing.
The achievement of the specific objectives O1.1. and O1.2. led to the accomplishment of the first general research objective formulated; thus, we were able to perform an analysis of how privacy can be affected by the usage of mobile shopping applications.
Aiming to achieve the specific objective O2.1. we conducted a brief analysis of the main elements that determine consumers to make impulse purchases, then we examined what permissions within the analysed mobile applications can be exploited by using AI techniques to encourage the impulse buying. We also identified permissions that can be used to improve the online shopping experience.
Shoppers tend to make more impulsive purchases in stores than online (First Insight, 2019), but the reasons behind this behaviour are not fully understood. Perceived experience and a series of organic variables are making consumers keener to engage in impulse purchasing (Liu, Li and Hu, 2013), and the current shift generated by the pandemic influenced the impulsive buying habits as well (Roggeveen and Sethuraman, 2020), so retailers should find appropriate ways to create favourable environments for the clients to embrace more online shopping. While browsing on websites using smartphones can be difficult for consumer, mobile applications are more user-friendly and provide a better online shopping experience.
The main attributes that facilitate the engagement in online impulse buying are: visual appeal, ease of use, product availability, facilitated payment process, promoting intensity, and a series of organic variables such as normative evaluation and instant gratification (Liu, Li and Hu, 2013;Leong, Jaafar and Ainin, 2018). Recommendation algorithms can improve impulse buying (Hostler, et al., 2011) by gathering the users' preferences and making predictions based on previous purchases. However, developers and retailers should keep in mind that impulse buying is unplanned and spontaneous, so they should avoid obnoxious advertising and send pop-ups or notifications only at a suitable time.
Two of the applications analysed have a permission called "Read battery statistics", which allows battery data collection and, in this way, developers can predict, with the use of ML algorithms, when it is a suitable time for sending notifications so they can receive more attention from the user. This is a low-level risk permission and companies should use it more to increase the exposure time. A permission called "Reorder running apps", identified in only five applications, can be exploited to gain the clients' attention and encourage impulsive buying behaviours by exposing more the user to that application. Another permission, "Control vibrations", is present in 81% of the cases analysed and the main purpose is to draw the users' attention to the notifications sent by the application so the developers can leverage this; however, this might be considered slightly intrusive. "Run at

Artificial Intelligence in Retail: Benefits and Risks Associated With Mobile Shopping Applications
startup", identified in 56% of the cases, allows the application to be more visible to the consumer and increases the chances of impulsive shopping, being an efficient feature to improve the chances of accessing the online store application. Nevertheless, this advertising should be carried out ethically, without severely influencing the control of the users.
One of the most accepted applications that AI provides is augmented reality (AR) to support the decisions of the users (Alves and Reis, 2020) like the tool created by IKEA, that customers can use to decide whether a particular piece of furniture or decoration will be suitable for their house. Analysing the data collected, we identified that 79% of the applications require the permission to take pictures and videos, most of them using this feature to allow the users to upload photos and videos with their reviews, but the companies can leverage this permission by using AR techniques to allow the customers to virtually try an outfit and reduce the return ratio for clothes, shoes, and accessories. Also, for skincare and cosmetics, pictures can be uploaded for the user to decide what makeup shade to select. Another practical application to improve the shopping experience is to put at the disposal of the client AI algorithms (natural image processing and ML) that will assist them in making the right decision when looking for a particular product, based on the client's preferences. For example, the user can upload a picture with a specific outfit (85% of the applications have the permission to read the storage space) and the algorithm can make suggestions by trying to find the best match available at that particular moment.
To increase the ease of use and improve the experience, the developers could leverage another permission identified in 11% of the cases, "Create accounts and set passwords", which allows the users to connect to a specific store, without manually having to create an account, by linking the new account to the personal data stored on the phone. Although the risk of this permission is medium, using it in a proper ethical manner, the users' personal data should be collected and stored transparently.
The achievement of the specific objective O2.2. imposed the analysis of permissions, which, along with AI, can support increasing the level of customer engagement. We started from the idea that improving customer engagement is a critical objective in the retail industry, and companies are now interested in introducing chatbots to facilitate the interactions and provide real-time availability to the users to handle their queries. In terms of functionality, these programs can use a text-based or voice-based search (speech to text transcription). As presented above, 21% of the applications analysed asked for permission to record audiothis feature can be used by the client to discuss with the chatbots or even to do vocal searches for the products needed. Also, the users can have the possibility to review whether their demand has been solved and if the output was in line with the expectations and, in this way, the ML algorithms behind the chatbots can improve after each interaction with the client and be able to generate personalised outputs. While chatbots' acceptance rate is still relatively low, trust can be increased by being transparent with the users.
Data analytics techniques available in the online shopping applications gather data regarding the time spent by a user viewing a particular item and also how many times the application has been accessed. As presented above, the majority of the applications studied had permission to control vibration to advise the user about the notifications received. Using ML algorithms, the companies can analyse if the advertising is intrusive or not and if it can affect the clients' behaviourfor example, it can be examined if the notifications are being deleted without accessing the data. In this way, the application can be programmed to send only several notifications per month instead of daily. By doing so, companies can improve the rating from the client by avoiding obnoxious advertising.

Conclusions
After conducting the current research, we were able to draw several conclusions regarding the practical implications and opportunities of using AI-based solutions for mobile shopping applications. From a total of 63 distinct permissions examined after analysing the 117 applications included in the study, we identified several permissions that retailers can use to enhance the online shopping experience, improve engagement, and encourage impulse buying. However, the majority of these permissions that can be successfully leveraged using AI-based solutions have been encountered only in a limited number of cases. Companies should focus more on mobile applications to facilitate the shopping experience being now able to provide a series of new services to their customers such as virtual fitting rooms, chatbots that can provide instant product recommendation and ML algorithms that search for a particular product after analysing an image provided by the user. One major drawback of the integration of AI in e-shopping seems to be the cost of adoption, an issue that we consider will start to fade once the number of AIaaS solutions increases. The majority of companies are already using a series of data analytics services provided by search engines, such as Google, to gather non-personal data about their clients, so the expectations are that most retailers will start on the medium-term leveraging AI-based solutions.
Another finding was that some of the applications ask for permissions that can affect the privacy of the users and if these permissions are exploited maliciously, they can even eavesdrop on the user, secretly collect data, and install malware programs on the personal smartphones or tablets. Therefore, it is essential for retailers when deploying AI solutions to keep in mind the customers' privacy, as data breaches pose both financial and reputational risks. Also, the statistical analysis performed showed that in the case of EU based companies, there is a lower number of total and possible harmful permissions, which highlights that these retailers might be a little more cautious regarding the privacy of individuals, even though similar regulations as in the EU started to be adopted by the majority of the countries worldwide.
After examining the privacy policies of the companies focusing on the types of data they can leverage to improve the ML algorithms for products recommendations and predict the future needs of the users, we identified that some of the companies are collecting data that can lead to biased or discriminatory algorithms, such as estimated income and level of education. Retailers have at their disposal a wide range of information to successfully develop algorithms, but they must collect only the data they will need for conducting business in an ethical manner.
Grasping AI-based solutions by embedding them in mobile shopping applications represent an excellent opportunity for retailers as the customers' preferences change and they opt for a personalised shopping experience more suitable to their needs. Since AI is a fastdeveloping technology, ethical and legal challenges are the main concern for researchers and developers. As the retail companies have a vast amount of structured and unstructured data at their disposal, they can lead the way in the development of ethical AI solutions that will be used for the individual and collective well-being.
In the relevant literature, the issue of privacy of the personal data provided by users represented an intensely researched topic (Rahman, et al., 2017;Bhat and Dutta, 2019; AE Artificial Intelligence in Retail: Benefits and Risks Associated With Mobile Shopping Applications Kröger and Raschke, 2019), as well as the analysis of the reasons that determine a consumer to make a purchase or not (Liu, Li and Hu, 2013;Leong, Jaafar and Ainin, 2018;Ho and Chung, 2020), including AI elements. However, we have not identified in the literature any study that analyses the potential of mobile application permissions to encourage the impulse buying, provide a better experience compared to visiting a physical store, and to increase customer engagement in an ethical manner, focusing on the personality and confidentiality of data provided by users to online retailers. Therefore, our study brings an element of originality to AI research in the field of retail.
The main limitation of this study is caused by the partial lack of transparency in the privacy policies, drafted by companies that use these applications for online shopping. Although these policies are public, companies, for competitiveness reasons do not fully present the processes in which they use anonymized user data; therefore, this aspect did not allow us to determine the possibility of developing subjective or discriminatory algorithms.
The present research can be continued in two directions: (1) extending the study over a more extended period to see to what extent the shopping experience has been improved as a result of using mobile applications for online commerce; and (2) analysing medium and high-risk permissions, through a comparative study in countries that have adopted GDPR and those that have not.