New findings in the research report “All That We Let In” (press release and study link) show that fully 100% of the 30 popular mHealth apps analyzed by Approov and cybersecurity researcher Alissa Knight are vulnerable to API attacks that can allow unauthorized access to full patient records including protected health information (PHI) and personally identifiable information (PII). The study underscores the API shielding actions now urgently required to protect mHealth apps from API abuse. The researcher estimates that an average of 23 million mHealth users are potentially exposed from the 30 apps, and says that given that 318,000 mHealth apps are now available on major app stores and the pandemic is driving the growing use of mHealth apps, that number impacted is likely far greater.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.