Mobile apps have serious problems with privacy

Image source: StockSnap from Pixabay

Potential risks

Mobile apps have serious problems with privacy

An in-depth analysis of more than 20,000 health related mobile applications (mhealth apps) finds “serious problems with privacy and inconsistent privacy practices.”

The researchers say the collection of personal user information is “a pervasive practice” and that patients should be informed on the privacy practices of these apps and the associated privacy risks before installation and use.

Of the 2.8 million apps on Google Play and the 1.96 million apps on Apple Store, an estimated 99,366 belong to medical and health and fitness categories (known collectively as mobile health or mhealth apps). They include the management of health conditions and symptom checking to step and calorie counters and menstruation trackers and often contain sensitive health information.

App developers routinely, and legally, share user data, but inadequate privacy disclosures have been repeatedly found for many mhealth apps, preventing users from making informed choices around the data. To explore this further, researchers at Macquarie University in Australia identified more than 15,000 free mhealth apps in the Google Play store and compared their privacy practices with a random sample of more than 8,000 non-health apps. They found that while mhealth apps collected less user data than other types of mobile apps, 88% could access and potentially share personal data. For example, about two thirds could collect advert identifiers or cookies, one third could collect a user’s email address, and about a quarter could identify the mobile phone tower to which a user’s device is connected, potentially providing information on the user’s geolocation.

Recommended article

Photo

Inconceivable?

Many fertility apps not exactly fussy about data privacy, study shows

The majority of top-rated fertility apps collect and even share intimate information without the users’ knowledge or permission, a collaborative study by Newcastle and Umea Universities has found. Researchers are now calling for a tightening of the categorisation of these apps by platforms to protect women from intimate and deeply personal information being exploited and sold.

Only 4% of mhealth apps actually transmitted data (mostly user’s name and location information). However, the researchers say this percentage is substantial and should be taken as a lower bound for the real data transmissions performed by the apps. What’s more, 87.5% of data collection operations and 56% of user data transmissions were on behalf of third party services, such as external advertisers, analytics, and tracking providers, and 23% of user data transmissions occurred on insecure communication channels. The top 50 third parties were responsible for most (68%) of the data collection operations, which most commonly were a small number of tech corporations, including Google, Facebook, and Yahoo! The researchers also found that 28% (5,903) of the mHealth apps did not offer any privacy policy text, and at least 25% (15,480) of user data transmissions violated what was stated in the privacy policies. Yet only 1.3% (3,609) of user reviews raised concerns about privacy.

These are observational findings and the researchers point to some limitations. For instance, some parts of the apps might not have been triggered during testing, and restricting the analysis to free apps might have introduced bias. However, they say their study presents a broad assessment of mhealth apps compared with previous studies, and they conclude: “This analysis found serious problems with privacy and inconsistent privacy practices in mhealth apps. Clinicians should be aware of these and articulate them to patients when determining the benefits and risks of mhealth apps.” The status quo regarding health apps’ privacy practices means that it is difficult and even irresponsible to offer tips to busy clinicians or consumers about how to choose a health app that protects their privacy, argue Canadian researchers in a linked editorial.

They point out that consumers can make it more difficult to be tracked by disabling advert identifiers, adjusting app permissions, and using advert blockers, but say “we must also advocate for greater scrutiny, regulation, and accountability on the part of key players behind the scenes - the app stores, digital advertisers, and data brokers - to address whether these data should exist and how they should be used, and to ensure accountability for harms that arise.”

Source: The BMJ

18.06.2021

Read all latest stories

Related articles

Photo

Health Apps

Can medical apps replace conventional medical diagnostics?

The question as to whether or not there is a point in using medical apps on private smartphones is being asked more frequently. Issues around medical diagnostics are among the key points here. We…

Photo

Inconceivable?

Many fertility apps not exactly fussy about data privacy, study shows

The majority of top-rated fertility apps collect and even share intimate information without the users’ knowledge or permission, a collaborative study by Newcastle and Umea Universities has found.…

Photo

Digital health approaches

The struggle to create COVID-19 contact-tracing apps

While scientists recently confirmed the crucial role contact-tracing apps play in containing the COVID-19 pandemic, politicians are exploring which app architecture offers better privacy protection.…

Related products

ASP Lab Automation – Recapper KapSafe

Sample Processing

ASP Lab Automation – Recapper KapSafe

ASP Lab Automation AG
Canon Electron Tubes & Devices – FDX3543RPW/FDX4343RPW

DR Detectors

Canon Electron Tubes & Devices – FDX3543RPW/FDX4343RPW

Canon Electron Tubes & Devices Co., Ltd
Canon - Mobirex+

Mobile DR

Canon - Mobirex+

Canon Medical Systems Europe B.V.
Dinamik Röntgen - Mobile DR System

Mobile DR

Dinamik Röntgen - Mobile DR System

Dynamic X-Ray (Dinamik Röntgen)
Examion – X-Mammo DR M

Mammo DR

Examion – X-Mammo DR M

EXAMION GmbH
Heal Force – Biosafety Cabinet

Heal Force – Biosafety Cabinet

Heal Force Bio-meditech Holdings Ltd.
Subscribe to Newsletter