Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users’ sensitive medical information.
In one of the apps, security researchers discovered more than 85 medium- and high-severity vulnerabilities that could be exploited to compromise users’ therapy data and privacy.
Some of the products are AI companions designed to help people suffering from clinical depression, multiple forms of anxiety, panic attacks, stress, and bipolar disorder.
At least six of the ten analyzed apps state that user conversations or chats remain private, or are encrypted securely on the vendor’s servers.
“Mental health data carries unique risks. On the dark web, therapy records sell for $1,000 or more per record, far more than credit card numbers,” says Sergey Toshin, founder of mobile security company Oversecured.
Over 1,500 security issues found
Oversecured scanned ten mobile apps advertised as tools that can help with various mental health problems, and uncovered a total of 1,575 security vulnerabilities (54 rated high-severity, 538 medium-severity, and 983 low-severity).
| App Type | Installs | High | Medium | Low | Total | Scan date | |
| 01 | Mood & habit tracker | 10M+ | 1 | 147 | 189 | 337 | 01/23/2026 |
| 02 | AI therapy chatbot | 1M+ | 23 | 63 | 169 | 255 | 01/22/2026 |
| 03 | AI emotional health platform | 1M+ | 13 | 124 | 78 | 215 | 01/23/2026 |
| 04 | Health & symptom tracker | 500k+ | 7 | 31 | 173 | 211 | 01/22/2026 |
| 05 | Depression management tool | 100k+ | – | 66 | 91 | 157 | 01/23/2026 |
| 06 | CBT-based anxiety app | 500k+ | 3 | 45 | 62 | 110 | 01/22/2026 |
| 07 | Online therapy & support community | 1M+ | 7 | 20 | 71 | 98 | 01/23/2026 |
| 08 | Anxiety & phobia self-help | 50k+ | – | 15 | 54 | 69 | 01/22/2026 |
| 09 | Military stress management | 50k+ | – | 12 | 50 | 62 | 01/22/2026 |
| 10 | AI CBT chatbot | 500k+ | – | 15 | 46 | 61 | 01/23/2026 |
Although none of the discovered issues are critical, many can be leveraged to intercept login credentials, spoof notifications, HTML injection, or to locate the user.
The researchers used the Oversecured scanner to check the APK files of the ten mental health applications for known vulnerability patterns in dozens of categories.
In a report shared with BleepingComputer, the researchers say that some of the verified apps “parse user-supplied URIs without adequate validation.”
One therapy app with more than one million downloads uses Intent.parseUri() on an externally controlled string and launches the resulting messaging object (intent) without validating the target component.
This allows an attacker to force the app to open any internal activity, even if it is not intended for external access.
“Since these internal activities often handle authentication tokens and session data, exploitation could give an attacker access to a user’s therapy records,” Oversecured explains.
Another issue is storing data locally in a way that gives read access to any app on the device. Depending on the saved information, this could expose therapy details, such as therapy entries, Cognitive Behavioral Therapy (CBT) session notes, and various scores.
Oversecured states that they also discovered plaintext configuration data, including backend API endpoints and a hardcoded Firebase database URL, within the APK resources.
Furthermore, some of the vulnerable apps use the cryptographically insecure java.util.Random class for generating session tokens or encryption keys.
According to the researchers, “most of the 10 apps lack any form of root detection.” On a rooted (jailbroken) device, any app with root privileges has access to all health data stored locally.
Oversecured says that six of the ten analyzed apps “had zero high-severity findings, but still carried medium-severity issues that weaken their overall security posture.”
“These apps collect and store some of the most sensitive personal data in mobile: therapy session transcripts, mood logs, medication schedules, self-harm indicators, and in some cases, information protected under HIPAA,” the researchers note.
From BleepingComputer’s observations the collective download count for the apps scanned by Oversecured is more than 14.7 million, and only four received an update as recently as this month. For the rest, the date of the latest update was as recent as November 2025 or even September 2024.
Oversecured’s scans occurred between January 22 and 23 and targeted the latest app versions available at the time. The researchers cannot confirm if any of the uncovered vulnerabilities have been addressed.
BleepingComputer has refrained from the sharing the names of the impacted apps as the vulnerabilities are still being disclosed by Oversecured.
Modern IT infrastructure moves faster than manual workflows can handle.
In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.
