NHS-Approved Health Apps Found to be Leaking User Data

By James O'Malley

How secure is your health data? A new study suggests that health apps are not meeting the standards you might expect and are exposing your data to increased risk of hacking or identity theft. What's even more worrying is that the apps in the study were all NHS-approved.

Computer Weekly reports that researchers at Imperial College tested the 79 apps listed on the NHS Health Apps Library, which is a website designed to point the public at phone applications which can help them stay healthy.

The bad news is that the study found that 89% of the apps listed transmit information to online services (no surprises there), and only 66% of apps encrypted the data when they uploaded it. It has also emerged that a big fat zero of the apps encrypted the data stored locally on the phone - meaning that if hackers could get into your phone, or if your phone got pinched and someone was able to mount it on a computer, they could conceivably dig up all of your data stored on the phone itself.

The report was pretty damning, adding that "Two cloud-based apps had critical privacy vulnerabilities; weaknesses of design that could be intentionally exploited to obtain user information. As long as these vulnerabilities persist, the privacy of users is in jeopardy".

The one sliver of good news is that despite 20% of the apps tested lacking a privacy policy (who reads those anyway?), none of the apps were found transmitting data that they promised not to. So, for example, a step-counting app probably wasn't digging through your photos too.

Weirdly, to get listed on the NHS website, all of the apps had apparently been "certified" as "clinically safe" and "trustworthy".

Expect to see this story splashed on the front page of tomorrow's Daily Mail too, blowing it all out of proportion. [Computer Weekly]