As previously reported in this blog many medical apps are insecure and leak your personal and health data.
Now further Research from the MIT, Harvard, and Carnegie-Mellon universities confirms that Apps on Apple and Android smartphones leak lots of users’ information to third parties.
Of particular concern was the finding that some medical, health and fitness apps the researchers studied shared search terms and user inputs with third parties. For example, the very popular health app – Drugs.com shared medical information – including words such as “herpes” – with five third-party domains, including doubleclick.net and googlesyndication.com.
The Android apps were most likely to leak data to Google and Facebook, with the most leaky being Text Free, which offers free calls and text over wi-fi and sent data to 11 third-party domains.
The most leaky iOS app was Localscope, a location browser, which sent data to 17 third-party domains.
The research also found that 93% of the Android apps tested connected to the domain safemovedm.com.
“The purpose of this domain connection is unclear at this time; however, its ubiquity is curious,” wrote the researchers.
A further concern was that when the phone was used normally without running any app, connections to safemovedm.com continued.
With the UK draft legislation for data retention this could be a problem because even if you have never visited these websites, they would be indistinguishable from your actual web-browsing activity and this would allow the security services to make assumptions about browsing habits which are not correct.