AppSec Solutions finds 1,300 security flaws in mobile health and fitness apps

Danny Weber

23:03 05-11-2025

A large-scale AppSec Solutions audit of mobile health and fitness apps uncovered 1,300 vulnerabilities, many critical. See key risks and tips to stay safe.

AppSec Solutions has carried out a large-scale audit, reviewing roughly a hundred popular mobile health and fitness apps. The findings are hard to ignore: analysts identified more than 1,300 vulnerabilities, including 450 classified as critical or high severity.

At the heart of the problem is the insecure storage of sensitive data—passwords, access tokens, and users’ personal details—left directly in app source code. This practice effectively lowers the barrier for attackers, opening a path to the services’ inner workings and to personal data with little resistance. It’s the kind of basic lapse that shouldn’t be appearing at this scale.

Particularly risky are apps that collect financial and geolocation information. Many fitness services bundle paid features and access to users’ payment data while also tracking workout routes and movements, a combination that can enable surveillance and data theft. That pairing of money and movement data is a volatile mix.

To improve safety, experts advise users not to link bank cards to apps, to enable two-factor authentication, to keep software up to date, and to review permission requests carefully during installation. They also recommend downloading apps only from official sources. Simple steps, but they matter when the basics are shaky.