A recent study by Symantec has found one in five (20 per cent) mobile apps transmit passwords in plain text.
Symantec technology strategist, Mark Shaw, said this level of lax security uncovered in the How Safe is Your Quantified-self? whitepaper is "almost unforgivable" in today's world.
"We're not just taking about the lax security of the devices, but that around systems," he said.
"It's how they connect to applications on smartphones and, in many cases, send data up to the service provider in the Cloud."
The whitepaper also found the average number of unique domains contacted by a single app was five, with some contacting up to 14.
Shaw admits the result is quite high, as he would only expect an application to communicate with two or three services, with one of those being the application provider.
Another key finding the report was that 52 per cent of apps did not make privacy policies available.
Shaw said this is another example of lax security and lack of due diligence by the application provider.
"The speed of developers getting into the market means they haven't crossed the t's and dotted the i's in many cases," he said.
Privacy laws up to now have focused on personal identifiable information such as name, date of birth, or tax file number, but Shaw is seeing new types of data come through.
"It is just as important, as it can be associated and create even more of a profile for the user," he said.
Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.