Skip to main content

Table 2 Security vulnerabilities affecting data storage and transmission

From: Unaddressed privacy risks in accredited health and wellness apps: a cross-sectional systematic assessment

Security vulnerability class [49] Type All apps, n = 79 (%)
Insecure data storage Unencrypted data storage (of any data) 73 (92 %)
  Unencrypted username/password 8 (10 %)
  Unencrypted personal or sensitive informationa 42 (53 %)
Insufficient transport layer protection Identifying information sent without encryptionb 23 (29 %)
  Sensitive information sent without encryption 6 (8 %)
Unintended data leakage Username/password captured in network cache or log 2 (3 %)
  Health-related information sent to third parties 8 (10 %)
  Fixed device identifier used as user identifier 9 (11 %)
Weak server-side controls Unencrypted access to server-side API 16 (20 %)
  Access to user data without authorization 2 (3 %)
  1. aExcluding username and password; bconsidering strong identifiers only