mHealth apps do not provide adequate security when sending information

Mobile health (mHealth) applications are becoming an increasingly used avenue for patients and providers to send data, but many apps do not provide proper security when transmitting data, according to a study published in the Journal of Medical Internet Research.

mHealth apps cover a broad range of medical uses from collecting data on sleep to measuring heart rhythms. But the increasing popularity of these apps could be putting patient’s data at risk due to lax security. In this study, researchers examined the security measures in mHealth apps to measure their ability to safely transmit patient data.

Security characteristics pertaining to the transmitting security were used to develop a prototype platform used to test a total of 53 of the most downloaded free apps. Results showed 21 of the apps failed to ensure data security. Additionally, 18 apps leaked private information or were shown to compromise the confidentiality between the app and server, and 17 apps used unprotected connections. Two failed to validate certificates. Many of the apps also allowed analytics or advertising, which further harmed privacy.

“The tests show that many mHealth apps do not apply sufficient transport security measures,” concluded first author Jannis Müthing, BSc, with the University of Applied Sciences and Arts Dortmund in Germany. “The most common security issue was the use of any kind of unprotected connection. Some apps used secure connections only for selected tasks, leaving all other traffic vulnerable.”