Image source: StockSnap from Pixabay
The researchers say the collection of personal user information is “a pervasive practice” and that patients should be informed on the privacy practices of these apps and the associated privacy risks before installation and use.
Of the 2.8 million apps on Google Play and the 1.96 million apps on Apple Store, an estimated 99,366 belong to medical and health and fitness categories (known collectively as mobile health or mhealth apps). They include the management of health conditions and symptom checking to step and calorie counters and menstruation trackers and often contain sensitive health information.
App developers routinely, and legally, share user data, but inadequate privacy disclosures have been repeatedly found for many mhealth apps, preventing users from making informed choices around the data. To explore this further, researchers at Macquarie University in Australia identified more than 15,000 free mhealth apps in the Google Play store and compared their privacy practices with a random sample of more than 8,000 non-health apps. They found that while mhealth apps collected less user data than other types of mobile apps, 88% could access and potentially share personal data. For example, about two thirds could collect advert identifiers or cookies, one third could collect a user’s email address, and about a quarter could identify the mobile phone tower to which a user’s device is connected, potentially providing information on the user’s geolocation.
The majority of top-rated fertility apps collect and even share intimate information without the users’ knowledge or permission, a collaborative study by Newcastle and Umea Universities has found. Researchers are now calling for a tightening of the categorisation of these apps by platforms to protect women from intimate and deeply personal information being exploited and sold.
These are observational findings and the researchers point to some limitations. For instance, some parts of the apps might not have been triggered during testing, and restricting the analysis to free apps might have introduced bias. However, they say their study presents a broad assessment of mhealth apps compared with previous studies, and they conclude: “This analysis found serious problems with privacy and inconsistent privacy practices in mhealth apps. Clinicians should be aware of these and articulate them to patients when determining the benefits and risks of mhealth apps.” The status quo regarding health apps’ privacy practices means that it is difficult and even irresponsible to offer tips to busy clinicians or consumers about how to choose a health app that protects their privacy, argue Canadian researchers in a linked editorial.
They point out that consumers can make it more difficult to be tracked by disabling advert identifiers, adjusting app permissions, and using advert blockers, but say “we must also advocate for greater scrutiny, regulation, and accountability on the part of key players behind the scenes - the app stores, digital advertisers, and data brokers - to address whether these data should exist and how they should be used, and to ensure accountability for harms that arise.”
Source: The BMJ