The majority of health apps have insufficient security mechanisms to protect sensitive personal data, according to a new study.
Researchers at the University of Pireus in Greece and Rovia I Virgili University in Spain have penned a research paper exploring the devastating security flaws they have found in popular smartphone health apps.
They claims that the majority of health apps store personal information over insecure connections and that many of them also provide this information to third-parties for cash.
In the study, the researchers looked for security vulnerabilities in 20 free apps on the Google Play Store. Around 100,000 to 10 million people had downloaded the apps, which had a rating of more than 3.5 out of five.
The majority of health apps store personal information over insecure connections... many of them also provide this information to third-parties for cash
Shockingly (but perhaps not surprisingly) 80 per cent of these apps have handed over personal information to third-party organisations. Some of this data included images and X-rays.
The study also discovered that most of these apps fail to adhere to data protection laws and standards protecting users. This could become a major issue with the GDPR just around the corner.
A minority of the apps can access contact lists, GPS information, microphones and cameras as well, but users are often not aware of this.
The researchers got in touch with the app developers to warn them about these security risks. Some of them responded with bug fixes, but most ignored them and the security issues remain.
Professor Agusti Solanas, from Rovira I Virgili's department of computer engineering and mathematics, slammed the apps for their lacklustre approach to security.
"We strongly support the use of mobile health apps, but users must know that apps' popularity does not ensure privacy and security. People need to become more aware of the risks they are facing," he said.
Children as young as four to be taught about the dangers of social media
Bans already issued to hundreds of players who used offensive language
The site is perfectly situated for launching small satellites into orbit
Delegates at the ESOF 2018 conference were warned that their perceptions of the digital age were coloured by private industry