Mobile Health Applications Put the Personal Data of Millions of Users at Risk

80% of the most popular health applications available on Android do not comply with standards intended to prevent the misuse and dissemination of their users' data. This is the finding of a European study started in 2016 and involving Agustí Solanas, head of the Smart Health research group at the URV's Department of Computer Engineering and Mathematics, and researchers from the University of Piraeus (Greece) headed by Constantinos Patsakis. The research has brought to light evidence of serious security problems regarding the twenty most popular applications on the internet. The research consisted of analysing the security problems, communicating them to the software developers and then checking them to see if they had been resolved.

The applications chosen by the researchers had been downloaded between 100,000 and 10 million times and had a minimum rating of 3.5 out of 5. To analyse their levels of security, the researchers intercepted, stored and monitored private data relating to users' health problems, illnesses and medical records. The researchers analysed how the applications communicated, how they stored information, which permissions they required to operate, and how they handled the data. The results showed the existence of serious security problems in the way users' data were handled.

Only 20% of the applications stored the data on the user's smartphone, and one in two requested and administered passwords without using a secure connection. The researchers also found that 50% of the applications shared data with third parties, including text, multimedia content or X-ray images.

More than half transferred users' health data via HTTP links, which are unencrypted, meaning that anybody with access to the network traffic can get their hands on the data. 20% of the applications either did not inform the user of any privacy policy or did not make its content available in English, the language of the application. Others requested access to geolocation, microphones, cameras, contact lists, external storage cards and Bluetooth, even though the application did not need access to these data to operate.

Information for businesses

On completing the analysis, the researchers contacted the software developers to inform them of the security problems. After waiting for a given period, they then analysed the same parameters and found that although some of the security issues had been fixed (e.g. insecure health data transfers or the ability to identify users via insecure data transfers to third parties), other problems such as data leaks regarding the use of the application had not been resolved.

The research has been partially funded by the European OPERANDO project (as part of the H2020 programme) and has also received funding from the COST programme (Cooperation in Science and Technology) through the Cryptacus Action.

A Papageorgiou, M Strigkos, E Politou, E Alepis, A Solanas, C Patsakis.
Security and Privacy Analysis of Mobile Health Applications: The Alarming State of Practice.
IEEE Xplore. DOI: 10.1109/ACCESS.2018.2799522.
