
Table 2 Security vulnerabilities affecting data storage and transmission

From: Unaddressed privacy risks in accredited health and wellness apps: a cross-sectional systematic assessment

| Security vulnerability class [49] | Type | All apps, n = 79 (%) |
| --- | --- | --- |
| Insecure data storage | Unencrypted data storage (of any data) | 73 (92 %) |
| | Unencrypted username/password | 8 (10 %) |
| | Unencrypted personal or sensitive informationᵃ | 42 (53 %) |
| Insufficient transport layer protection | Identifying information sent without encryptionᵇ | 23 (29 %) |
| | Sensitive information sent without encryption | 6 (8 %) |
| Unintended data leakage | Username/password captured in network cache or log | 2 (3 %) |
| | Health-related information sent to third parties | 8 (10 %) |
| | Fixed device identifier used as user identifier | 9 (11 %) |
| Weak server-side controls | Unencrypted access to server-side API | 16 (20 %) |
| | Access to user data without authorization | 2 (3 %) |

ᵃ Excluding username and password; ᵇ considering strong identifiers only