According to the authors of a recent study, nearly 90% of the more than 20,000 mobile health apps they evaluated have easy access to proprietary user health data such as heart rate, blood sugar levels, and other sensitive information.
As author Brian Dunleavy recently reported for United Press International, a startling number of the apps studied, nearly 90%, used third-party services to collect data, while 56% used similar third-party services for data transmission. Of those transmissions, almost one quarter occurred on unsecured communications channels.
While the authors of the study could not prove conclusively that the apps had shared data with improper outsiders, their key message is that these mobile health apps, which are used by millions across the world, are often lax with the privacy disclosures that would help users make better choices about how their data is shared. You can read the full report at the BMJ.
In an email to UPI, study co-author Muhammad Ikram said that, “overall, data collection practices of health apps were far from transparent and secure, and its scope was beyond what is publicly disclosed by app developers in their privacy policies. The key issue is that it is unclear how this data is being used and whether or not it is protected as it should be.”
While this will (and should) set off alarm bells for some people, this news need not be the end of your enterprise mobility work. In fact, we’d compare this to a recent report from the financial services sector that we wrote about last month.
In that report, Lookout research showed that exposure to phishing via mobile apps in the financial services sector has increased faster than new app adoption would suggest. Our takeaways there were that, for one, security must be top-of-mind in your enterprise mobility strategy, and also that employees are ultimately your front line against social engineering attacks like phishing.
Our takeaways here are slightly different, but similar in nature: for apps that you curate and put in your App Store, your development team must take a long, hard look at what type of data is collected, stored, and shared by the apps your employees use. And likewise, the security of your mobility strategy is only as strong as its weakest link. It’s essential that you continue to educate your employees and other users about how to keep a watchful eye on the type of data they share, and what apps they download, whether they’re in your enterprise App Store or not.
Security in today’s environment is, as many of us know, an ongoing challenge. But a little bit of due diligence goes a long way towards keeping your (and your users’) data safe. This recent report from BMJ is yet another reminder of the importance of knowing where your data goes and how it’s used.