Mobile Health Applications Put the Personal Data of Millions of Users at Risk

80% of the most popular health applications available on Android do not comply with standards intended to prevent the misuse and dissemination of their users' data. This is the finding of a European study started in 2016 and involving Agustí Solanas, head of the Smart Health research group at the URV's Department of Computer Engineering and Mathematics, and researchers from the University of Piraeus (Greece) headed by Constantinos Patsakis. The research has brought to light evidence of serious security problems in the twenty most popular applications on the internet. It consisted of analysing the security problems, communicating them to the software developers and then checking again to see whether they had been resolved.

The applications chosen by the researchers had been downloaded between 100,000 and 10 million times and had a minimum rating of 3.5 out of 5. To analyse their levels of security, the researchers intercepted, stored and monitored private data relating to users' health problems, illnesses and medical records. The researchers analysed how the applications communicated, how they stored information, which permissions they required to operate, and how they handled the data. The results showed the existence of serious security problems in the way users' data were handled.

Only 20% of the applications stored the data on the user's smartphone, and one in two requested and administered passwords without using a secure connection. The researchers also found that 50% of the applications shared data with third parties, including text, multimedia content or X-ray images.

More than half transferred users' health data over unencrypted HTTP links, which means that anybody with access to the traffic can read the data. 20% of the applications either did not inform the user of any privacy policy or provided one that was not available in English, the language of the application. Others requested access to geolocation, microphones, cameras, contact lists, external storage cards and Bluetooth, even though the application did not need access to these data to operate.
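The two findings above (unencrypted HTTP and permissions beyond what the application needs) can be checked from an application's decoded AndroidManifest.xml. The following is an added example, not code from the study or from any application it examined; the sample manifest, its package name and the `audit_manifest` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Categories named in the article, mapped to real Android permission names.
P = "android.permission."
SENSITIVE = {
    P + "ACCESS_FINE_LOCATION": "geolocation",
    P + "ACCESS_COARSE_LOCATION": "geolocation",
    P + "RECORD_AUDIO": "microphone",
    P + "CAMERA": "camera",
    P + "READ_CONTACTS": "contact list",
    P + "READ_EXTERNAL_STORAGE": "external storage",
    P + "WRITE_EXTERNAL_STORAGE": "external storage",
    P + "BLUETOOTH": "Bluetooth",
    P + "BLUETOOTH_ADMIN": "Bluetooth",
}

# Constructed sample: a hypothetical step counter whose only real need is location.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.stepcounter">
  <uses-sdk android:targetSdkVersion="26"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="StepCounter"/>
</manifest>"""

def audit_manifest(xml_text, needed=frozenset()):
    """Return (sensitive categories requested but not needed, cleartext HTTP allowed?)."""
    root = ET.fromstring(xml_text)
    requested = {SENSITIVE[p.get(A + "name")]
                 for p in root.iter("uses-permission")
                 if p.get(A + "name") in SENSITIVE}
    unneeded = sorted(requested - set(needed))
    app = root.find("application")
    flag = app.get(A + "usesCleartextTraffic") if app is not None else None
    if flag is not None:
        cleartext = flag == "true"
    else:
        # Attribute absent: the platform default allows cleartext traffic up to
        # target API level 27 and blocks it from API level 28 onwards.
        sdk = root.find("uses-sdk")
        target = int(sdk.get(A + "targetSdkVersion", "1")) if sdk is not None else 1
        cleartext = target <= 27
    return unneeded, cleartext

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST, needed={"geolocation"}))
```

A network security configuration referenced from the manifest can override the cleartext attribute, so a `False` result here still needs confirming against observed traffic.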

Information for businesses

On completing the analysis, the researchers contacted the software developers to inform them of the security problems. After waiting for a given period, they then analysed the same parameters and found that although some of the security issues had been fixed (e.g. insecure health data transfers or the ability to identify users via insecure data transfers to third parties), other problems such as data leaks regarding the use of the application had not been resolved.

The research has been partially funded by the European OPERANDO project (as part of the H2020 programme) and has also received funding from the COST programme (Cooperation in Science and Technology) through Acció Cryptacus.

A Papageorgiou, M Strigkos, E Politou, E Alepis, A Solanas, C Patsakis.
Security and Privacy Analysis of Mobile Health Applications: The Alarming State of Practice.
IEEE Xplore. DOI: 10.1109/ACCESS.2018.2799522.
