How Secure Is Your Health or Fitness App?

THURSDAY, June 17, 2021 (HealthDay News) — Your health and fitness apps may have privacy issues that put your personal information at risk, researchers warn.

“This analysis found serious problems with privacy and inconsistent privacy practices in mHealth [mobile health] apps. Clinicians should be aware of these and articulate them to patients when determining the benefits and risks,” lead study author Muhammad Ikram and his co-authors concluded. He’s a computing lecturer at Macquarie University in Sydney, Australia.

The researchers looked at more than 15,000 free health apps in the Google Play store and compared their privacy practices with a random sample of more than 8,000 non-health apps.

Health apps — including step and calorie counters, menstruation trackers and symptom checkers — collected less user data than other types of mobile apps. But 88% of health apps could access and potentially share personal data, the research team discovered.

About two-thirds of health apps could collect ad identifiers or cookies, one-third could snag a user’s email address and about one-quarter could identify the mobile phone tower linked to a user’s device, potentially revealing the user’s location.

Only 4% of health apps transmitted data (mostly user’s name and location information), but that’s a substantial percentage and probably less than actual data transmissions by the apps, according to the authors.

The report was published online June 16 in the BMJ.

The investigators also found that almost 88% of data collection operations and 56% of user data transmissions were on behalf of third-party services, such as external advertisers, analytics and tracking providers. And 23% of user data transmissions occurred on insecure communication channels.

The top 50 third-parties were responsible for most data collection operations (68%), most commonly by a small number of tech companies, including Google, Facebook and Yahoo!, the study authors noted in a journal news release.

The researchers also found that 28% of the mobile health apps did not offer any privacy policy text, and at least one-quarter of user data transmissions violated what was stated in the privacy policies. But just over 1% of user reviews raised concerns about privacy.

While there are some things users can do to safeguard their privacy, “we must also advocate for greater scrutiny, regulation, and accountability on the part of key players behind the scenes — the app stores, digital advertisers and data brokers — to address whether these data should exist and how they should be used, and to ensure accountability for harms that arise,” Canadian researchers wrote in an accompanying editorial.

More information

The U.S. Federal Trade Commission has more on health apps and privacy.

SOURCE: BMJ, news release, June 16, 2021