JAKARTA - Digital therapy applications that have long been trusted to support mental health turn out to carry serious risks. The latest security report reveals that a number of popular therapy apps on Android are suspected of having serious data leaks, which could allow users' personal information and therapy records to circulate on the dark web.
This finding was revealed by security researchers from Oversecured, who stated that some therapy apps and artificial intelligence-based therapy apps have security holes. These flaws allow users' sensitive data, including conversations related to anxiety, depression, trauma, and addiction, to be accessed by unauthorized parties.
Therapy apps generally come with strong promises of confidentiality. Users feel safe sharing their most personal problems because they assume conversations with therapists or AI chatbots are private. But this report shows that assumption is not always true.
According to Oversecured, the affected applications have a combined download count of tens of millions. More worryingly, these applications have facilitated hundreds of millions of sensitive conversations around mental health. This means that the potential impact of this data leak could be very broad.
The data leak is said to stem from a class of flaws known as intent vulnerabilities, which are weaknesses in the mechanism Android applications use to communicate with one another. Oversecured said more than a quarter of the therapy apps it scanned in the Play Store had this type of vulnerability.
However, Oversecured has not revealed the names of the affected applications. The security researchers stated that they are currently in the responsible disclosure phase, which means that the developers of the affected applications have been informed of the security holes, but the fixes have not been fully rolled out. To prevent further abuse, technical details are still restricted.
Oversecured said that one of the affected applications was an AI therapy solution with very high user engagement and millions of active users. Other applications even have FDA Breakthrough Device status for depression treatment and are used in state health service programs in Europe.
The report also mentions that the affected apps, including products backed by large funding from well-known technology investors, have gone through various randomized controlled clinical trials and are used by large companies, insurance companies, and government health institutions.
This finding raises major concerns regarding data security in the digital health sector, especially because mental health information is considered very sensitive. If the data is leaked and sold on the dark web, the impact could include serious privacy violations, extortion, and identity abuse.
Oversecured stated that it would release additional information once the app developers have closed the security holes found. Meanwhile, users are advised to be more careful when sharing personal information through digital therapy apps and to update their apps regularly as security fixes are released.
This case is a reminder that in the midst of the rapid adoption of application-based mental health technology, user data protection must be the top priority, not just a marketing promise.