"Mental Health and Prayer Apps Fail the Privacy Test"

Security researchers at Mozilla have discovered that over 90% of mental wellness and prayer apps contain serious privacy issues, while many others raise cybersecurity concerns.  The researchers found that 29 out of the 32 apps analyzed did not pass Mozilla’s privacy requirements, while 25 out of 32 did not meet its Minimum Security Standards, which cover things like encryption, security updates, strong passwords, and vulnerability management.  The researchers reported that many of the apps routinely share sensitive data, allow weak passwords, target vulnerable users with personalized ads, and feature poorly written privacy policies.  The six worst offenders on the list featured “incredibly vague and messy privacy policies,” shared personal information with third parties, and/or collected chat transcripts.   The researchers also noted that only one out of all the app developers they analyzed responded to their questions promptly, despite the app developers being sent requests for more information three times.  At least eight apps allowed weak passwords ranging from “1” to “11111111,” Mozilla claimed.  Only two out of the 32 apps made it into the “best of” category: PTSD Coach, an app created by the US Department of Veterans Affairs, and AI chatbot Wysa.

Infosecurity reports: "Mental Health and Prayer Apps Fail the Privacy Test"