Mozilla finds mental health apps fail 'spectacularly' at user security, data policies

An investigation into mental health and prayer apps has revealed a disturbing lack of concern surrounding user security and privacy.

On Monday, Mozilla released the findings of a new study into these types of apps, which often deal with sensitive topics including depression, mental health awareness, anxiety, domestic violence, PTSD, and more, alongside religion-themed services.

According to Mozilla’s latest *Privacy Not Included guide, despite the deeply personal information these apps manage, they “routinely share data, allow weak passwords, target vulnerable users with personalized ads, and feature vague and poorly written privacy policies.”

In a study of 32 applications geared toward mental health and religion, the organization found that 25 of them did not meet Mozilla’s Minimum Security Standards.

These standards act as a benchmark for the *Privacy Not Included reports. The mismanagement or unauthorized sharing and sale of user data, vague data management policies, a lack of encryption, weak password policies, no clear vulnerability management system, and other lax security policies can all downgrade a vendor product in the eyes of Mozilla.

If an app or service fails to meet these basic requirements, they are slapped with the “*Privacy Not Included”

Read More: https://www.zdnet.com/article/mozilla-finds-mental-health-apps-fail-spectacularly-at-user-data-security/#ftag=RSSbaffb68