Mobile Health Apps Found to Expose Records of Millions of Users (Security News, February 2021)
An analysis of 30 popular mobile health applications has revealed that all of them expose the full patient records of millions of people.
With people increasingly relying on mHealth apps during the COVID-19 pandemic, researchers observed that such apps now generate more user activity than other mobile apps.
The research study, All That We Let In - Hacking 30 Mobile Health Apps and APIs, is based on the analysis of 30 popular mHealth apps, with an average number of downloads of approximately 772,000.
The number of affected users is likely much higher, considering that there are over 300,000 mHealth apps available at the moment on major app stores, the researcher says.
Half of the APIs did not authenticate requests with tokens and one quarter of the apps were not secured against reverse engineering.
The report also recommends that mobile app developers adopt a series of steps to protect customer data and sensitive resources: ensuring the security of both the app and the APIs, securing the development process and hardening apps, implementing certificate pinning to protect against MitM attacks, monitoring implemented controls, and performing penetration testing.