Exactly how secure are the mobile health apps we use? Arxan Technologies set out to find that answer with its 5th Annual State of Application Security report. The new research assessed 71 popular mobile health apps from the US, UK, Germany, and Japan. It also examined the perception of app users and app executives in regards to the level of confidence they have in the security of their applications. Arxan discovered a huge discrepancy between consumer confidence in the level of security and the degree to which organizations address known application vulnerabilities.
Below are some of the report’s key findings:
Mobile health apps approved by regulatory/governing bodies are just as vulnerable as other mobile apps. Eighty-four percent of the US FDA-approved apps tested did not adequately address at least two of the OWASP Mobile Top 10 Risks. Similarly, 80 percent of the apps tested that were formerly approved by the UK NHS did not adequately address at least two of the OWASP Mobile Top 10 Risks.
Most of the mobile health apps were susceptible to application code tampering and reverse-engineering. Ninety-five percent of the FDA-approved apps, and 100 percent of the apps formerly approved by the NHS, lacked binary protection, which could result in privacy violations, theft of personal health information, and tampering.