Potential security risk from health and fitness apps

The number of people using health and fitness apps is on the rise, but a report from data security firm Symantec found significant privacy flaws in many popular apps. For instance:

  • Many mobiles and their users could be tracked based on a unique identifier transmitted by the device.
  • 20% of apps examined transmitted sensitive data, e.g. usernames and passwords, in clear text.
  • Some apps used weak, easily crackable types of security.
  • Several apps exposed other personal information, e.g. email addresses.
  • Many apps shared information with third parties.

Whilst it may not seem all that important if hackers gain access to a user’s step count history, Symantec’s researchers pointed out that many people reuse the same usernames and passwords across multiple sites.

Personal health and fitness tracking will almost certainly continue to grow. With Apple, Google, Samsung and IBM having already developed tools that allow health data to be pooled, making it suitable for medical research, security needs to be a top priority for all app developers.

Symantec suggests that anyone using mobile health and fitness apps should:

  • Use a screen lock or password to prevent unauthorized access to your device
  • Do not reuse the same username and password between different sites
  • Use strong passwords
  • Turn off Bluetooth when not required
  • Be wary of sites and services asking for unnecessary or excessive information
  • Be careful when using social sharing features
  • Avoid sharing location details on social media
  • Avoid apps and services that do not prominently display a privacy policy
  • Read and understand the privacy policy
  • Install app and OS updates when available
  • Use a device-based security solution
  • Use full device encryption if available