430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Crypto

Federal Trade Commission – Watch out to Health and Fitness Apps

The Federal Trade Commission debated on the privacy ramifications of consumer generated and controlled health data, following data on mobile apps. The Federal Trade Commission has recently released the disconcerting results of a study conducted on 12 mobile health and fitness apps, focusing the analysis on the way they manage users’ personal information. Let me anticipate that […]

Federal Trade Commission – Watch out to Health and Fitness Apps

The Federal Trade Commission debated on the privacy ramifications of consumer generated and controlled health data, following data on mobile apps.

The Federal Trade Commission has recently released the disconcerting results of a study conducted on 12 mobile health and fitness apps, focusing the analysis on the way they manage users’ personal information.

Let me anticipate that he mobile apps use to share users’ personal data with 76 different third parties, if we consider that these applications are widely diffused we can imagine the effect on privacy and security.

Jah-Juin Ho, an attorney in the Federal Trade Commission ’s Mobile Technology Unit presented the results of the research on the privacy of consumer-generated health data  this week during a presentation at the  Federal Trade Commission led panel in Washington, D.C., he avoided naming any of the apps the FTC looked at.

Federal Trade Commission health-and-fitness-apps

Ho explained that third parties receive from the application several phone information screen size, device model, language setting) and a series of metrics and characteristics about their bodies.

“Who are these third parties and what kind of information are they receiving about our bodies?” this is the question made by the attorney.

Practically all the audited apps share the handset information with third parties, 18 of 76 entities collect information as Unique Device Identifier (UDID) for Apple devices, the device MAC address and International Mobile Station Equipment Identity (IMEI).

But private entities are mainly interested in users’ habits, third party companies collect consumer information (e.g Sleeping patterns, cadence of how they walk or run, users’ running routes, eating habits). In many cases, they are able to track users in the usage of different application from user identifier, making the analysis very effective for advertising activities.

22 of the 76 third parties received information about users’ exercise information, customers diet, symptoms, gender, geo-location data) and much more, Ho highlighted that 12 apps were found sending data to a single ad company and some of them were found transferring data without anonymizing the users’ data.

“It wasn’t uncommon for third parties to identify users by their first name, last initial and then a stream of identifiers,” said Ho.

The study, presented at the panel arranged by The Federal Trade Commission, shows mobile users don’t properly manage permissions for the apps they run, causing an unpredictable exposure of their data to third parties.

“We were as permissive as possible, meaning that if an app asked us for permission to access a certain feature or to sync with another app, we always accepted and opted in,” Ho said commenting the results of the research.

As explained later in the seminar by Joseph Lorenzo Hall, the Chief Technologist for the Center for Democracy & Technology, these apps represent a serious risk for user’s physical safety and privacy.

“If you’re talking about running routes and things like that, you may be able to predict where someone is alone and when they’re not at home and that can be extremely sensitive given your own personal context,” Hall said.

Be conscious of your media exposure when you choose your apps and carefully evaluate the permissions you are granting them!

Pierluigi Paganini

(Security Affairs –  The Federal Trade Commission, mobile apps)