How do spammers get your data from health and fitness apps?

by Helen Johnson | November 20, 2017 1:37 pm

Do you have a health and fitness application[1] installed on your smartphone? Do you monitor your sleep cycles, count calories and track your activity using an application? Or do you have a fitness tracker?

Nowadays, the mHealth industry is developing fast. According to Statista, the statistics portal, the global mHealth market value is expected to reach 58.8 billion U.S. dollars by 2020. The variety of available health and fitness applications will grow too. A report prepared by the IMS Institute for Healthcare Informatics says that more than 165,000 mobile health and medical applications are now available on the market.

The majority of them are dedicated to general wellness aspects, e.g., fitness, nutrition and diet, lifestyle, and stress. Other applications are focused on specific health conditions, medication info, and women’s health. According to Statista, the most popular health and fitness applications in the US as of July 2017 are Fitbit (11.1%), S Health for Samsung devices (6.2%), MyFitnessPal (5.5%), and Google Fit (1%). For end users, mHealth solutions provide useful functionality[2] and enable them to monitor and improve their wellbeing.

Apart from that, the majority of current health and fitness applications have one thing in common: security vulnerabilities[3]. According to Arxan, the application security company, 90% of the 126 most popular mobile health and fitness apps that were analyzed have poor security systems. The company surveyed 268 IT executives and 815 users of mHealth solutions from the US, Germany, and Japan. 87% of executives and 83% of users are sure that the apps they are using are properly secured. However, 46% of executives and 48% of users answered “yes” when asked whether their apps could be hacked in the next six months. And they are right.

There is one more security pitfall. In terms of privacy policies, the Future of Privacy Forum, a non-profit organization for privacy protection, reports that only 60% of health and fitness applications have privacy policies. And in comparison to free apps, the paid ones provide their users with even worse privacy policies. What does that mean? The absence of a privacy policy signals that the company that developed an app has no restrictions on how it manages end users’ personal data. Besides, the company does not guarantee that the data will be kept private. In the majority of cases, the data is sold to marketing and advertising agencies.

The most common security vulnerabilities are weak server-side controls, unprotected data storage, weak authorization and authentication, and client-side injections. These issues are caused by a low or even zero mobile app security budget. Given the recent rise in hacker activity and the presence of malicious code on a number of mobile devices, it is not difficult to gain unauthorized access to your personal and confidential data.

So mind what app you download and whether it has a proper privacy policy. Let’s be on the safe side and keep our own data private.

Endnotes:
  1. health and fitness application: http://qatestlab.com/resources/case-studies/healthcare/
  2. functionality: http://qatestlab.com/services/manual-testing/functional-testing/
  3. security vulnerabilities: http://qatestlab.com/services/test-automation/penetration-testing/
  4. API Economy: How to Build Secure Business on Platform: http://blog.qatestlab.com/2017/07/12/api-secutiry-threats/
  5. Can cyber security culture ensure hacker’s wipeout?: http://blog.qatestlab.com/2017/06/01/cyber-security-culture/
  6. Security Testing Tools You Need to Know About: http://blog.qatestlab.com/2017/04/26/security-testing-tool/
  7. Hacking: Pluses and Minuses: http://blog.qatestlab.com/2017/04/20/hacking-pluses-minuses/
  8. What Are the Threats of Software Products?: http://blog.qatestlab.com/2017/03/22/software-products-threats/

Source URL: http://blog.qatestlab.com/2017/11/20/fitness-app-security/