Mobile Health Applications Put the Personal Data of Millions of Users at Risk

80% of the most popular health applications available on Android do not comply with standards intended to prevent the misuse and dissemination of their users' data. This is the finding of a European study started in 2016 and involving Agustí Solanas, head of the Smart Health research group at the URV's Department of Computer Engineering and Mathematics, and researchers from the University of Piraeus (Greece) headed by Constantinos Patsakis. The research has brought to light evidence of serious security problems regarding the twenty most popular applications on the internet. The research consisted of analysing the security problems, communicating them to the software developers and then checking them to see if they had been resolved.

The applications chosen by the researchers had been downloaded between 100,000 and 10 million times and had a minimum rating of 3.5 out of 5. To analyse their levels of security, the researchers intercepted, stored and monitored private data relating to users' health problems, illnesses and medical records. The researchers analysed how the applications communicated, how they stored information, which permissions they required to operate, and how they handled the data. The results showed the existence of serious security problems in the way users' data were handled.

Only 20% of the applications stored the data on the user's smartphone, and one in two requested and administered passwords without using a secure connection. The researchers also found that 50% of the applications shared data with third parties, including text, multimedia content or X-ray images.

More than half transferred users' health data via HTTP links, which means that anybody with access can get their hands on the data. 20% of the applications did not inform the user of any privacy policy or the content was not available in English, the language of the application. Others requested access to geolocation, microphones, cameras, contact lists, external storage cards and Bluetooth, even though the application did not need access to these data to operate.

Information for businesses

On completing the analysis, the researchers contacted the software developers to inform them of the security problems. After waiting for a given period, they then analysed the same parameters and found that although some of the security issues had been fixed (e.g. insecure health data transfers or the ability to identify users via insecure data transfers to third parties), other problems such as data leaks regarding the use of the application had not been resolved.

The research has been partially funded by the European OPERANDO project (as part of the H2020 programme) and has also received funding from the COST programme (Cooperation in Science and Technology) through Acció Cryptacus.

A Papageorgiou, M Strigkos, E Politou, E Alepis, A Solanas, C Patsakis.
Security and Privacy Analysis of Mobile Health Applications: The Alarming State of Practice.
IEEE Explore. DOI: 10.1109/ACCESS.2018.2799522.

Most Popular Now

ChatGPT can Produce Medical Record Notes…

The AI model ChatGPT can write administrative medical notes up to ten times faster than doctors without compromising quality. This is according to a new study conducted by researchers at...

Alcidion and Novari Health Forge Strateg…

Alcidion Group Limited, a leading provider of FHIR-native patient flow solutions for healthcare, and Novari Health, a market leader in waitlist management and referral management technologies, have joined forces to...

Can Language Models Read the Genome? Thi…

The same class of artificial intelligence that made headlines coding software and passing the bar exam has learned to read a different kind of text - the genetic code. That code...

Study Shows Human Medical Professionals …

When looking for medical information, people can use web search engines or large language models (LLMs) like ChatGPT-4 or Google Bard. However, these artificial intelligence (AI) tools have their limitations...

Advancing Drug Discovery with AI: Introd…

A transformative study published in Health Data Science, a Science Partner Journal, introduces a groundbreaking end-to-end deep learning framework, known as Knowledge-Empowered Drug Discovery (KEDD), aimed at revolutionizing the field...

Bayer and Google Cloud to Accelerate Dev…

Bayer and Google Cloud announced a collaboration on the development of artificial intelligence (AI) solutions to support radiologists and ultimately better serve patients. As part of the collaboration, Bayer will...

Shared Digital NHS Prescribing Record co…

Implementing a single shared digital prescribing record across the NHS in England could avoid nearly 1 million drug errors every year, stopping up to 16,000 fewer patients from being harmed...

Ask Chat GPT about Your Radiation Oncolo…

Cancer patients about to undergo radiation oncology treatment have lots of questions. Could ChatGPT be the best way to get answers? A new Northwestern Medicine study tested a specially designed ChatGPT...

North West Anglia Works with Clinisys to…

North West Anglia NHS Foundation Trust has replaced two, legacy laboratory information systems with a single instance of Clinisys WinPath. The trust, which serves a catchment of 800,000 patients in North...

Can AI Techniques Help Clinicians Assess…

Investigators have applied artificial intelligence (AI) techniques to gait analyses and medical records data to provide insights about individuals with leg fractures and aspects of their recovery. The study, published in...

AI Makes Retinal Imaging 100 Times Faste…

Researchers at the National Institutes of Health applied artificial intelligence (AI) to a technique that produces high-resolution images of cells in the eye. They report that with AI, imaging is...

GPT-4 Matches Radiologists in Detecting …

Large language model GPT-4 matched the performance of radiologists in detecting errors in radiology reports, according to research published in Radiology, a journal of the Radiological Society of North America...

Latest Business News

Latest Research News

Latest Conferences News

Latest Jobs