The new research, from the Universitat Rovira i Virgili, showed that around 80 percent of the more popular health applications, such as those available on Android, do not comply with minimum standards intended to prevent the misuse and dissemination of a users’ data. This matches other research that highlights the vulnerability of many health apps.
The research is based on a European cybersecurity study, which was launched in 2016. The research involves Dr. Agustí Solanas, who heads up the head of the Smart Health research group at the Universitat Rovira i Virgili’s Department of Computer Engineering and Mathematics. The research examines the more serious security problems.
With the new tranche of research, this considered the twenty most popular applications on the Internet. The research involved analyzing the security problems and communicating these to the software developers. The researchers later followed up on their concerns to determine if the security flaws had been resolved.
The selection criteria for the apps was those related to health or medicine, and which has been downloaded between 100,000 and 10 million times. The apps also needed to have a minimum rating of 3.5 out of 5. With each of these, the Spanish researchers intercepted, stored and monitored private data about various users’ health problems. In doing so, the researchers assessed how the applications communicated and stored information. The team also assessed which permissions an app required to operate, and how data was handled.
In most cases the results indicated the existence of serious security problems, especially with the way users’ data is handled. One issue of concern was that 50 percent of the apps shared data with third parties, with no option for the user to select or to block this function. Moreover, transmission was often by unsecured HTTP links.
The research has been published in the peer reviewed journal IEEE Access. The research paper is titled “Security and Privacy Analysis of Mobile Health Applications: The Alarming State of Practice.”
