Update of February 2014: The developers took the negative review seriously and fixed the problems, appthority reports, here.
Original post:
Appthority has posted its review of iPharmacy Drug Guide and Pill ID, which they note has been downloaded over 1,000,000 times from Google Play.
From their review:
Appthority Trust Score: 60 (out of 100 possible)/policy enforced
[…]
Detailed privacy behaviors/privacy violations:
1. Sends login and password over the network is unencrypted. The “encrypted” flag sent with the user and password is false, the user and password are in fact just encoded with a common encoding scheme (BASE64) and can be trivially decoded to see the plaintext user and password. […]
2. Sends searches for pharmacy pills, the exact medication taken for, and reminders all over the network with the User ID and name unencrypted. ([2] in technical details below).
3. All activities and actions in the apps are being tracked by multiple analytic SDKs, including UrbanAirship and Google Analytics.
4. Sending PII (Private Identifying Information), unencrypted, to at least three different ad networks.
Read more on Appthority.