Mental health apps leaking private data: 2026 audit
🧠 In February 2026, cybersecurity firm Oversecured audited 10 popular Android mental‑health apps and found 1,575 vulnerabilities — 54 rated critical — across apps with a combined 14.7M+ installs. Findings include insecure local storage, hardcoded API endpoints, weak token generation using java.util.Random, and no root detection, contradicting many apps’ claims of full encryption. The report highlights the real risk of exposure of therapy transcripts, mood logs, and medication data and urges users to review permissions, update apps, and avoid third‑party sign‑ins.
