There are a ton of apps out there, each serving a specific need or purpose. This is why it isn’t surprising to learn that there are apps out there designed for our mental health. Unfortunately, researchers have found a bunch of mental health apps on Android riddled with vulnerabilities that are leaking your medical data.
These Android mental health apps are leaking your data
According to mobile security firm Oversecured, they have discovered at least ten different mental health apps for Android that have some serious vulnerabilities in them. These apps include mood and habit trackers, depression management tools, emotional health platforms powered by AI, anxiety and phobia self-help, and military stress management, just to name a few.
Combined, these apps have over 14 million installs. When Oversecured scanned these apps, they discovered a staggering 1,575 security vulnerabilities. 54 were rated as high severity. This suggests that these apps weren’t designed to be malicious. However, the way they were coded left vulnerabilities that attackers could take advantage of.
According to Oversecured, “Since these internal activities often handle authentication tokens and session data, exploitation could give an attacker access to a user’s therapy records.” The researchers also noted, “These apps collect and store some of the most sensitive personal data in mobile: therapy session transcripts, mood logs, medication schedules, self-harm indicators, and in some cases, information protected under HIPAA.”
Where does that leave users?
We get that many are turning to mobile apps to manage their mental health. Our phones are with us all the time. This makes it easy for us to get help in second. Or record our moods and what we’re feeling so we can revisit it later on.
However, the danger of these apps is exactly what the Oversecured researchers found. If you must use an app, make sure that it’s from a reputable developer or company. Don’t just download a random app that claims to help with your mental health.
Also, make sure that you’re not giving away sensitive personal information. This includes medical conditions that might otherwise be protected by HIPAA, your social security number, or financial details. This is because your medical data is basically money to these attackers.
As Oversecured founder Sergey Toshin notes, “On the dark web, therapy records sell for $1,000 or more per record, far more than credit card numbers.”
The post Your Mental Health App Could Be Leaking Therapy Records, and Hackers Know Their Value appeared first on Android Headlines.
0 Comments