The National Health Service (NHS) can’t seem to get it right when it comes to health apps and app stores. Last year it was revealed that many of the apps featured in the NHS Health app store were corrupted, and now it seems that the technical directors haven’t addressed the issue properly.
According to Norwegian security firm Promon, corrupted apps keep getting approved and others don’t have proper protection.
Promon says that “all of the NHS-approved apps” could have their code corrupted, as no binary protection was in place. There was also an “overall lack of adequate protection in the transport layer”. The security firm warns that this practice might lead to users’ privacy being violated, data collected and the apps modified.
What’s even more worrying, app executives mostly had no clue what was going on, with 84 per cent of them believing their apps were secure. Users, on the other hand, show no understanding for these issues, with 76 per cent saying they’d switch providers if they knew the apps they were using were not secure.
Tom Lysemose Hansen, founder and CTO of Promon, warned of the ramifications of failing to address the problem: “A leak of private medical records on a large scale is tantamount to a doctor tweeting the medical records of his patients. What could be a serious legal issue should no longer be brushed off by consumers as a ‘beta mode’ operation or the result of technical directors’ short-sightedness.”
“Evidently app security must be taken more seriously in order to reconcile the different views of the app executives and the consumers, or else they will migrate to another provider. Despite many of the apps boasting privacy policies, the security of users’ data has been plainly compromised. To avoid further damaging claims, the NHS must review and tighten their security policy by introducing self-defending apps,” he added.