Android mental health apps insecure URI parsing and local storage flaws security flaw
Vulnerability
Summary
Hide ▲
Show ▼
Ten Android mental health apps were found to contain 1,575 vulnerabilities, putting therapy records, login credentials, and other sensitive medical data at risk. One app alone had more than 85 medium- and high-severity flaws. The issues included Intent.parseUri() misuse, readable local storage, and weak java.util.Random generation for tokens or keys.
Related Happenings
Android RAT campaign using Hugging Face dropper lure
Campaign
First: 16.02.2026 12:24
Last: 16.02.2026 12:24
Sources 1
About this happening:
In recent weeks, a **live Android RAT campaign** has used **Hugging Face** to deliver malicious APKs through a fake-update lure. The operation starts with a dropper app, such as *...
Android RAT campaign using Hugging Face dropper lure
CampaignAbout this happening: In recent weeks, a **live Android RAT campaign** has used **Hugging Face** to deliver malicious APKs through a fake-update lure. The operation starts with a dropper app, such as *...
ZeroDayRAT mobile spyware advertisement
Malware Activity
First: 10.02.2026 15:00
Last: 10.02.2026 15:00
Sources 1
About this happening:
The **ZeroDayRAT** mobile spyware platform is being advertised on **Telegram** as a commercial toolkit for **Android** and **iOS** devices, with support for **Android 5 through 16...
ZeroDayRAT mobile spyware advertisement
Malware ActivityAbout this happening: The **ZeroDayRAT** mobile spyware platform is being advertised on **Telegram** as a commercial toolkit for **Android** and **iOS** devices, with support for **Android 5 through 16...
Timeline
-
24.02.2026 00:59 1 articles · 3mo ago
January 22 scan of mental health apps
Technical Analysis UpdateOversecured scanned Android mental health apps on January 22, 2026, checking APK files against known vulnerability patterns in dozens of categories and targeting the latest available releases that could expose therapy records, login credentials, and local medical data.
Show sources
- Android mental health apps with 14.7M installs filled with security flaws — www.bleepingcomputer.com — 24.02.2026 00:59
-
24.02.2026 00:59 1 articles · 3mo ago
January 23 scan of mental health apps
Technical Analysis UpdateOversecured continued scanning Android mental health apps on January 23, 2026, examining latest available APK releases for insecure URI handling, readable local storage, plaintext configuration data, weak java.util.Random usage, and weak root-detection controls that could weaken therapy-data protection.
Show sources
- Android mental health apps with 14.7M installs filled with security flaws — www.bleepingcomputer.com — 24.02.2026 00:59
-
24.02.2026 00:59 2 articles · 3mo ago
Disclosure of 1,575 vulnerabilities in mental health apps
Initial DisclosureOn February 23, 2026, the disclosure described 1,575 security vulnerabilities across ten Google Play mental health apps, including 54 high-severity, 538 medium-severity, and 983 low-severity issues, with one app exceeding 85 medium- and high-severity findings and the flaws risking exposure of therapy transcripts, mood logs, medication schedules, and other sensitive medical data.
Show sources
- Android mental health apps with 14.7M installs filled with security flaws — www.bleepingcomputer.com — 24.02.2026 00:59
- Android mental health apps with 14.7M installs filled with security flaws — www.bleepingcomputer.com — 24.02.2026 00:59