The study finds “serious privacy issues” in mobile health apps


Credit: Unsplash / CC0 Public Domain

An in-depth analysis of more than 20,000 health-related mobile applications (mHealth applications) published by The BMJ today it finds “serious privacy issues and inconsistent privacy practices.”

The researchers state that the collection of users ’personal information is“ a widespread practice ”and that patients“ should be informed about the privacy practices of these applications and the associated privacy risks prior to installation and use. ‘use’.

Of the 2.8 million applications on Google Play and 1.96 million applications in the Apple Store, an estimated 99,366 belong to medical and health and fitness categories (collectively known as health applications mobile or mHealth).

They include managing health conditions and checking symptoms in step and calorie counters and menstruation trackers and often contain sensitive health information.

Application developers routinely and legally share user data, but inappropriate privacy disclosures have been found repeatedly for many mHealth applications, preventing users from making informed decisions about the data.

To further explore, researchers at Macquarie University in Australia identified more than 15,000 free mHealth apps in the Google Play Store and compared their privacy practices to a random sample of more than 8,000 non-healthcare apps.

They found that while mHealth apps collected less user data than other types of mobile apps, 88% could potentially access and share them. .

For example, approximately two-thirds may collect ad identifiers or cookies, one-third may collect user ID , and about a quarter could identify the mobile phone tower to which a user’s device is connected, potentially providing information about the user’s geolocation.

Only 4% of mHealth applications have transmitted data (mostly information about the user’s name and location). However, researchers say this percentage is substantial and should be considered as a lower limit for actual data transmissions made by applications.

In addition, 87.5% of data collection operations and 56% of user data transmissions were on behalf of third-party services, such as external advertisers, analytics, and tracking providers, and 23% of user data transmissions occurred on insecure communication channels.

The top 50 third parties were responsible for the majority (68%) of data collection operations, which were typically a small number of technology companies, including Google, Facebook, and Yahoo!

The researchers also found that 28% (5,903) of mHealth applications did not offer any privacy policy text and that at least 25% (15,480) of user data transmissions violated what was stated in the privacy policies. privacy. However, only 1.3% (3,609) of user reviews raised privacy concerns.

These are observational findings and researchers point to some limitations. For example, some parts of the apps may not have been activated during testing, and restricting scanning to free apps may have introduced bias.

However, they say their study presents a broad assessment of mHealth applications compared to previous studies and conclude: “This analysis found serious privacy issues and inconsistent privacy practices in mHealth applications. Physicians should be aware of these and articulate them to patients when determining the benefits and risks of mHealth applications ”.

The status quo regarding the privacy practices of healthcare applications means that it is difficult and even irresponsible to offer advice to doctors or busy consumers on how to choose a healthcare application that protects their application. , argue Canadian researchers in a linked editorial.

They point out that consumers can make tracking difficult by disabling ad IDs, adjusting application permissions, and using ad blockers, but say that “we also need to advocate for greater control, regulation, and accountability by key players. which is behind the scenes (app stores, digital advertisers and data brokers) to deal with whether that data should exist and how it should be used and accountable for the damage that occurs. ”

Sharing data through popular health apps is routine and not transparent, experts warn

More information:
Mobile health and privacy: cross-sectional study, BMJ (2021). DOI: 10.1136 / bmj.n1248 ,

Health apps are designed to track and share, BMJ (2021).

Citation: Study Finds “Serious Privacy Issues” in Mobile Health Apps (2021, June 16) Retrieved June 16, 2021 at -mobile-health-apps.html

This document is subject to copyright. Apart from any fair treatment for private study or research purposes, no part may be reproduced without written permission. Content is provided for informational purposes only.

Source link