How Apple and Opera Mini just exposed your Medical Records to the world
Well, really just a subset of potentially mischievous Norwegians, but I digress.
As of Friday, March 16th, 2010, the Opera Mini app for iPhone and iPad ranks as the most popular download in the Apple App Store with supposedly over 1 million+ downloads thus far. Approved by Apple on March 13th, 2010, the Opera Mini app is the first and only non-Safari alternative web browser for the iPhone and iPad.
We’re quite sure that the iPhone and iPad see some use in the health care trenches. So, we’re gonna go out on a limb here to suggest that many of those same medical professionals have downloaded the Opera Mini app and used it to check out your medical record. So…what’s the problem here?
All Your Records Are Belong To Us
The Opera Mini Browser displays web pages quickly by using data compression on Opera’s servers in Norway. Each web page you visit (yes, even those with encryption) is decrypted, compressed, and recompiled into Opera’s proprietary markup language. The information is then re-encrypted and forwarded back to you. While the to-and-fro connection to Opera’s servers is encrypted, the technical mumbo jumbo in the middle is not. Essentially, Opera can see/cache/log everything you do while using the Opera Mini Browser app – including every single medical record viewed through the Opera Mini app on an iPhone or iPad since Tuesday. And to the best of my abilities to understand the data encryption requirements from the Health Insurance Portability and Accountability Act (HIPAA), this is tiptoeing into some pretty dangerous waters.
From Opera’s own website:
Is there any end-to-end security between my handset and — for example — paypal.com or my bank?
No. If you need full end-to-end encryption, you should use a full Web browser such as Opera Mobile.
Opera Mini uses a transcoder server to translate HTML/CSS/JavaScript into a more compact format. It will also shrink any images to fit the screen of your handset. This translation step makes Opera Mini fast, small, and also very cheap to use. To be able to do this translation, the Opera Mini server needs to have access to the unencrypted version of the Web page. Therefore no end-to-end encryption between the client and the remote Web server is possible.
Can Opera Software see my passwords and credit card numbers in clear text? What is the encryption good for then?
The encryption is introduced to protect the communication from any third party between the client (the browser on your handset) and the Opera Mini transcoder server. If you do not trust Opera Software, make sure you do not use our application to enter any kind of sensitive information.
Enjoy.
Very interesting topics.I am looking this type of topics, I need more informations because everyone knows “Health is wealth” is very much known to all and everyone wants good health.That means no one wants to leave this wealth. So, Let us build a food habit discipline, keep pace with work, rest and or exercise to Achieve good health, The ultimate wealth.
Our Healthier Living
[...] With such impressive-sounding features, it should come as no surprise that 2.6 million people used the Opera Mini for iPhone browser in the last two weeks of April alone. A total of 58.9 million people worldwide use a version of Opera Mini. Even though the app is free, those faster speeds and lower data usage still comes at a cost. [...]
Leave your response!