iOS App Autopsy #2: Your Health Data Is Not as Private as You Think — MedTech

What happens when a security researcher downloads a health app from the App Store and starts pulling it apart? In this live session, you'll find out — no slides, no theory, no mercy.
I'll take a real healthcare iOS application, download it, and perform a full static security analysis live — step by step, using professional-grade tools. You'll watch as unencrypted databases with patient information, Firebase configurations leaking backend data, hardcoded API keys, and user profiles stored in plain text surface in minutes. Then, for a bonus round, we'll examine how a well-known health or fitness app handles your medical data behind the scenes.

What you'll walk away with: — How health apps store your most sensitive data (and how poorly they protect it) — What Firebase misconfigurations actually expose in practice — Why local databases on your device are rarely as encrypted as you'd expect — How attackers move from a single leaked config file to full backend access.

Who this is for: iOS developers working with health data, product managers in MedTech, security engineers, and anyone building apps that handle personal or medical information.

About the host: Sergii Koval — 15+ years in iOS/macOS security. Security architect for banking and enterprise platforms. Creator of Threat Explorer, a proprietary iOS security analysis platform. Based in Luxembourg.

Format: Live demo via Google Meet. ~60 minutes. Free. Recorded for YouTube. This is part of a monthly series. Each session, a different industry goes on the table.