Mobile health apps have serious security and privacy problems, says a new study by mobile app security developer Axran Technologies Inc. The survey finds that 55% of consumers expect their primary medical, wellness or fitness app to be hacked in six months or less.

In 2015, more than 3 billion healthcare apps were downloaded from the Apple App Store and Google Play, says Axran. But an Axran analysis of 71 popular health apps approved by the U.S. Food and Drug Administration finds that most of those apps contain up to 10 major security flaws. Those flaws include insecure data storage, broken or weak encryption, and inadequate identification, authorization and authentication. Most health apps have significant vulnerabilities, says Axran chief technology officer Sam Rehman.

Consumers are aware that unauthorized individuals may be able to access the sensitive medical information they store within health apps, the study says.

But app developers, including information technology managers responsible for app development within their healthcare organizations, believe their protection measures are adequate. The survey found that 81% of technology managers believe their mobile apps are secure and 56% believe they are taking the necessary precautions to protect apps. But Axran, which says its mobile app protection application is now deployed on more than 500 million devices across a broad range of industries including healthcare, says many health apps have at least two major security defects, such as inadequate encryption. Additionally, only 50% of companies had earmarked funding for improving mobile app security, according to Axran. Many companies just aren't investing in mobile app security, Rehman says.

The Axran study is one in a series of reports critical of mobile medical app data security and privacy. Researchers at Trustworthy Health and Wellness, a project funded by the National Science Foundation, recently conducted several studies of Android health apps to evaluate how the apps handle medical data, and found a variety of vulnerabilities that a malicious party could exploit to gain access to sensitive data. For example, a patient's insulin pump may accept dosage instructions from unauthorized smartphones that have been infected with malicious software. A patient's fertility-tracking app could also expose data to nearby strangers as it probes for a Bluetooth device to connect with.


Of the 22 health apps studied by Trustworthy Health and Wellness researchers, 63% sent the data in an unencrypted form, leaving it vulnerable to access by outside parties.

To develop more secure mobile health apps, corporate IT managers should consider new security priorities, and consumers should only download apps from an established app store, Axran says.

The majority of risks are happening at the application level, but corporate spending is largely focused on networks and data, Rehman says. Consumers should get apps only from authorized app stores, since they have some security protocols in place to ensure apps can be trusted. The Axran survey included responses from 815 consumers who use mobile health apps consistently and 268 corporate information technology managers in Germany, Japan, the U.S. and the United Kingdom.