Apps to quit drugs are leaking their users' data

In-app stores you can be found tools for virtually any problem. Among the options are apps that promise to help those who are going through a drug problem, which means that they have access to very sensitive information about their users. The problem is that some are leaking data without authorization, making people who have trusted their systems vulnerable.

According to a post on Techcrunch, several applications designed to help people quit drugs and widely used in various countries are accessing and sharing confidential user data with third parties.

A report from ExpressVPN's Digital Security Lab, compiled in conjunction with the Opioid Policy Institute and the Defensive Lab Agency in the United States, found that some of the addiction-fighting apps collect and share sensitive information.

The report studied 10 drug treatment apps available on Android: Bicycle Health, Boulder Care, Confidant Health, DynamiCare Health, Kaden Health, Loosid, Pear Reset-O, ​​PursueCare, Sober Grid, and Workit Health. These applications have been installed at least 180 thousand times and have received more than 300 million in funds from investment groups and the United States government.

The problem is that the research found that most applications accessed unique identifiers on the user's device and, in some cases, shared that data with third parties.

In detail, of the 10 applications studied, seven access the Android advertising ID, an identifier generated by the user that can be linked to other information in order to know exactly who the person is. In addition, five of the applications also access the phone number of the devices; three access the phone's unique IMEI and IMSI numbers, which can also be used to uniquely identify a person's device; and two access the list of users' installed applications, which the researchers say can be used to create a "fingerprint" of a user to track their activities.

Many of the examined applications also obtain location information in some way, for example, when they are correlated with unique identifiers, so they have the ability to keep an eye on a person, know their daily habits, behaviors, and with whom they interact.

One of the methods that applications are using to do this tracking is through Bluetooth. Seven of the apps ask for permission to make Bluetooth connections, which the researchers say is particularly concerning given the fact that it can be used to track users in real-world locations. "Bluetooth can do what I call proximity tracking, so if you're at the grocery store, it knows how long you are in a certain aisle or how close you are to someone else," Sean O'Brien, principal investigator for ExpressVPN's Digital Security Lab.

Although the researcher clarified that the use of trackers cannot always be considered malicious and that even some developers are not even aware of their existence when it comes to such personal information, such as an addiction, it is important to be vigilant. "I am concerned that information from people who have been in treatment could eventually affect things like their health insurance or getting a job."

The serious thing about it happening now

Of course, the violation of people's privacy is reprehensible at any time, but the health emergency situation that exists throughout the world makes the situation even more serious.

What happens is that, as a result of the Covid-19 pandemic, worldwide efforts are being made to promote telehealth services and applications, especially in cases that are not considered a priority, such as treatment against telehealth addictions.

In fact, it is precise because of the above that apps that offer help to people with an addiction problem have gained popularity. Many of them have even received the support of government institutions and private companies for seeing them as a solution to budget cuts.

The problem is that experts believe that such breaches of privacy can lead people to distrust the virtual medical services that will be needed. In fact, both in the case of addiction treatment, as with other digital health services, confidentiality continues to be one of the main concerns that people mention for not entering treatment.