Scenario: An app development company has been asked to create a health clinic scheduling app that will run on Android and iOS. The app will have a user signup that will require the user's full name, address, health insurance ID information, and birth date, as well as a user chosen login and password. The clinic wants to have access to the user's location information so that the app can direct the user to the nearest open clinic. The app will update an online database with the user information (username, health issue, doctor, date, time, location). The clinic would like the user to be able to debit their bank from the app for their co-pay and other payments. The clinic would like to link to the health insurance company for billing purposes, and would like to be able to send prescriptions to the pharmacy. The user would have access to all prescriptions, all test results, and all appointments (past and future).

What are the security vulnerabilities for this app and how might you mitigate (minimize or eliminate) these vulnerabilities?

This is a formal report - a minimum of 750 words (3 pages).