Delete it from your phone. 14.7 million installs and giving away your data

Experts from Oversecured, specializing in mobile application security, analyzed several items from Google Play. They focused on apps that are supposed to help users with their mental condition. It turned out that they contained a lot of holes. In total, over 1,500 vulnerabilities were detected.

In total, experts from Oversecured detected as many as 1,575 vulnerabilities in mobile applications in the Play Store.of which they considered 54 as serious, 538 as medium and 983 as low risk to user data. Let us remind you that we are talking about applications that can be described as medical, so they may contain sensitive data about users’ diseases.

• Mood & habit trakcer (over 10 million installations)
• AI therapy chatbot (over 1 million installations)
• AI emotional health platform (over 1 million installations)
• Online therapy & support community (over 1 million installations)
• Health & symptom tracker (over 500,000 installations)
• CBT-based anxiety app (over 500,000 installations)
• AI CBT chatbot (over 500,000 installations)
• Depression management tool (over 100,000 installations)
• Anxiety & phobia self-help (over 50 thousand installations)
• Military stress management (over 50,000 installations)

The most important problems of the mentioned applications include: the possibility of intercepting login data, saving data locally in a way that is accessible to other applications, or using the cryptographically dangerous “java.util.Random” class to generate session tokens and keys, which makes them easier to predict.

Moreover, most of the analyzed applications do not have a root detection mechanism. Therefore, on a rooted device, access to sensitive data is even easier.

Experts recommend using only proven applications. We should also limit the data we enter in this type of services and check the permissions of apps.