Multiple mental health mobile apps on Google Play contain security vulnerabilities that could expose users’ sensitive therapy and medical information. Oversecured’s analysis of ten apps uncovered 1,575 issues — including high- and medium-severity flaws like Intent.parseUri misuse, insecure local storage, plaintext configuration data, and weak token generation — and researchers cannot confirm whether fixes have been applied.
Key points
- Multiple popular mental health apps on Google Play contain vulnerabilities that risk exposing therapy and medical data.
- Oversecured found a total of 1,575 security issues across ten apps, including 54 high- and 538 medium-severity flaws.
- Confirmed issues include unsafe Intent.parseUri use, readable local storage, plaintext API/configuration data, and insecure token generation.
- Several apps claim private or encrypted chats, yet many lack root detection and carry medium-severity weaknesses that undermine privacy.
- The analyzed apps have more than 14.7 million collective downloads, and it is unclear whether developers have patched the reported flaws.