Apart from straight harvesting a worryingly excessive quantity of person knowledge, a few of these apps additionally collected knowledge from third events like Fb. Information brokers are additionally profiting from the lax safety scenario, and so are insurance coverage firms. However knowledge privateness isn’t the one concern right here. Mozilla’s analysis group found that a few of these psychological well being apps allowed weak passwords so simple as “1” and “11111111.”
Moodfit, an app that collects knowledge about customers’ moods and any signs associated to psychological well being points, allowed customers to set single-digit or single-letter passwords. There was additionally little data on how a few of the analyzed apps dealt with vulnerabilities, whether or not their safety updates have been delivered in a well timed method — or in the event that they deliberate on issuing safety updates in any respect. One other concern is transparency, or the dearth of it, as a majority of app builders did not reply to requests about safety or privateness when Mozilla’s group tried to make contact over the course of their analysis.
Additional complicating the scenario are the privateness insurance policies of those apps, that are labeled as “incredibly vague and messy.” It is pretty customary follow for shady apps to make use of privateness insurance policies which might be basically tall partitions of textual content masquerading as barely understandable privateness disclosures in a bid to dissuade customers from studying them, not to mention uncover phrasing that will elevate purple flags. The whole checklist of problematic psychological well being apps assessed by Mozilla may be discovered right here, alongside full particulars of their knowledge harvesting and dealing with procedures.