Health apps have become popular during the coronavirus pandemic. However, in an investigation, the Federal Office for Information Security found that providers sometimes leave gaps in how they handle data.
The Federal Office for Information Security (BSI) found numerous weaknesses in an investigation of health apps.
According to a BSI report, six out of seven thoroughly tested apps transmitted passwords in clear text to authentication services. None of the apps fully met the security requirements of the BSI guidelines for health apps.
Handling of data security in health apps inadequate
The office, which is also responsible for the data security of the federal government, criticized the findings. “From the point of view of technical IT security, this result must at least be rated as critical, especially in view of the fact that a significant proportion of health apps process sensitive and particularly sensitive data. Because, according to the findings of the study, this does not adequately protect the users’ data against attacks.”
BSI expert Nicolas Stöcker said that the damage would be “initially manageable” if the identified loopholes were exploited. “If an attack takes place here, it always affects a single user, a single person. It would be worse if the backend, where the data is kept, were also insecure.” According to its own statement, the authority has a corresponding further investigation “on the screen” for the future.
At the same time, BSI President Arne Schönbohm emphasized that the deficiencies found in the health apps are also dangerous. “Every hole that is there, every weak point that is there has somehow been exploited at some point.” The lack of processes to remedy security holes results in a “significant risk”. In some cases, the applications only meet the normal level of security requirements, “like when I leave the house, I close the door and don’t leave it open”.
BSI informs affected providers
The BSI does not name any of the apps examined. After a market analysis, the experts selected seven applications for the in-depth examination: apps that both process sensitive data and are widely used. The experts are currently working with the providers to close the gaps in the health apps. “If we see that this is not being remedied, we reserve the right to issue a corresponding product warning.”