DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

iPharmacy app gets negative review from Appthority (updated to reflect problems addressed)

Posted on December 17, 2013 by Dissent

Update of February 2014: The developers took the negative review seriously and fixed the problems, appthority reports, here.

Original post:

Appthority has posted its review of iPharmacy Drug Guide and Pill  ID, which they note has been downloaded over 1,000,000 times from Google Play.

From their review:

Appthority Trust Score: 60 (out of 100 possible)/policy enforced

[…]

Detailed privacy behaviors/privacy violations:

1. Sends login and password over the network is unencrypted. The “encrypted” flag sent with the user and password is false, the user and password are in fact just encoded with a common encoding scheme (BASE64) and can be trivially decoded to see the plaintext user and password. […]

2. Sends searches for pharmacy pills, the exact medication taken for, and reminders all over the network with the User ID and name unencrypted. ([2] in technical details below).

3. All activities and actions in the apps are being tracked by multiple analytic SDKs, including UrbanAirship and Google Analytics.

4. Sending PII (Private Identifying Information), unencrypted, to at least three different ad networks.

Read more on Appthority.

Related Posts:

  • Update: iPharmacy App fixed
  • Android App Leaks Your Medical Info Online
  • Update: QxMD fixes privacy problem in Calculate
  • Eavesdropper: The Mobile Vulnerability Exposing…
  • Vulnerabilities in Walmart App and Walgreens App

Post navigation

← Calgary pharmacist used private health information to hit on patient: report
There are lessons to be learned from the Maricopa County Community Colleges breach. Learn them, dammit. →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • Seeking clarification on Maine’s data breach notification statute
  • East River Medical Imaging notifies 605,809 patients of breach
  • Russian hackers exploiting Outlook bug to hijack Exchange accounts
  • Britain dismisses report claiming Sellafield nuclear site hacking, says no malware exists on our system
  • 23andMe data breach: Hackers accessed data of 6.9 million users
  • AlphV claims they have started contacting some of Tipalti’s clients (1)
  • Research: Privacy as Pretense: Empirically Mapping the Gap Between Legislative & Judicial Protections of Privacy
  • What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US.

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net