Intertrust Releases 2024 Security Report on Global mHealth App Threats

An audit of the top 100 Android and iOS healthcare apps revealed major threats, data leakages, cryptographic shortcomings, and other security breaches of healthcare mobile apps across the globe. These findings highlight the gaps in data security & pinpoint areas where massive improvement is required in the post-COVID 19 remote healthcare boost.

SAN FRANCISCO- September 29, 2020 - Intertrust is a leading company in application security solutions and digital rights management (DRM) technology. They released their 2020 Security Report on Global mHealth Apps. The crucial and invaluable findings showcased the vulnerability of mobile healthcare apps across the world. 71% of medical applications showed one critical shortcoming that could result in the breach of the user's medical data. The report put 100 global healthcare apps under the lens to study threatening mHealth security trends. Investigated apps ranged across various categories- COVID tracking, telehealth, medical device, and health commerce.

The most serious and prevalent issue was of Cryptography. About 91% of apps failed in at least one cryptographic test. Implying that the encryption used in most applications could be easily broken, increasing risk to patient's medical data. Such apps invite malicious hackers to tamper, steal, or use the data for personal use.

The study's conclusive findings revealed that the massive push to revolutionize remote healthcare apps in a COVID 19 world comes at the cost of mobile data security. 

Bill Horne, CTO at Intertrust and General Manager of Secure Systems product group commented on this "Unfortunately, there’s been a history of security vulnerabilities in the healthcare and medical space. Things are getting a lot better, but we still have a lot of work to do" He then expressed in a more positive note "The good news is that application protection strategies and technologies can help healthcare organizations bring the security of their apps up to speed."

The Intertrust security report on medical and healthcare mobile applications derived its findings on the basis of a detailed audit of 100 Android & iOS apps from worldwide organizations. All of the audited apps underwent a full host of Dynamic application security testing (DAST) and Static application security testing (SAST) based on the Open web application security project or OWASP mobile security testing. 

Some major highlights from the report: 

• 91% of medical apps have mishandled &/or have inefficient and weak encryptions that substantially increase the intellectual property theft and put the user data at risk.
• It was worrying to note that 85% of COVID 19 tracking apps leaked data. 
• 83% of the discovered high-level threats could have been easily managed with the use of app protection technologies like tampering detection, code obfuscation, and white-box cryptography. 
• Out of the tested apps, 71% showed at least one major soft spot in their security.
• 60% of the tested Android apps were storing information in SharedPreferences, leaving data unprotected and unencrypted. Most applications had some issues with data storage security. 
• 28% of iOS apps and 34% of Android applications are vulnerable to encryption key extraction.

Details on medical application protection can be found here

About Intertrust

Intertrust provides services and trusted computing products to consumer electronics, service providers, IoT manufacturers, mobile app industry leaders, and enterprise software platform companies. Products include software tamper resistance, the world's top digital rights management (DRM), and technologies to enable private data exchanges for many verticals including automotive, fintech, energy, entertainment, IoT, and retail/marketing. Founded in 1990 and headquartered in Silicon Valley with offices in London, Tokyo, Bangalore, Mumbai, Seoul, Beijing, Riga, and Tallinn. Intertrust has a renowned legacy of creative innovation and contributions in the area of digital trust and computer security. We hold hundreds of patents that are critical to privacy management components of OS, trust, internet security, trusted mobile code and network operating environments, cloud computing, and web services.
 

By Aman Gaur

Aman, an IT Engineer, combines tech passion and cinephilia in his roles as a content writer and core marketing professional at MobileAppDaily. He crafts blogs, articles, PR, and devises content marketing strategies.