The majority of health apps have insufficient security mechanisms to protect sensitive personal data, according to a new study.
Researchers at the University of Pireus in Greece and Rovia I Virgili University in Spain have penned a research paper exploring the devastating security flaws they have found in popular smartphone health apps.
They claims that the majority of health apps store personal information over insecure connections and that many of them also provide this information to third-parties for cash.
In the study, the researchers looked for security vulnerabilities in 20 free apps on the Google Play Store. Around 100,000 to 10 million people had downloaded the apps, which had a rating of more than 3.5 out of five.
The majority of health apps store personal information over insecure connections... many of them also provide this information to third-parties for cash
Shockingly (but perhaps not surprisingly) 80 per cent of these apps have handed over personal information to third-party organisations. Some of this data included images and X-rays.
The study also discovered that most of these apps fail to adhere to data protection laws and standards protecting users. This could become a major issue with the GDPR just around the corner.
A minority of the apps can access contact lists, GPS information, microphones and cameras as well, but users are often not aware of this.
The researchers got in touch with the app developers to warn them about these security risks. Some of them responded with bug fixes, but most ignored them and the security issues remain.
Professor Agusti Solanas, from Rovira I Virgili's department of computer engineering and mathematics, slammed the apps for their lacklustre approach to security.
"We strongly support the use of mobile health apps, but users must know that apps' popularity does not ensure privacy and security. People need to become more aware of the risks they are facing," he said.
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software