Vital Signs Blog

Weigh loss of privacy against benefit of health apps, group says

Many popular mobile health applications may help improve your fitness and well being, but users should weigh those benefits against the likely loss of privacy from the personal information they extract in return for their services, according to new reports by a California-based privacy rights group.

Unbeknownst to most users, “(m)ore than 75% of the free mobile health apps and 45% of the paid apps we researched use some kind of behavioral tracking, often through multiple third-party analytics tools,” and often with multiple tracking devices operating simultaneously, according to the technical analysis report of a study (PDF) by the San Diego-based Privacy Rights Clearinghouse. The nine-month project was funded through a grant from the California Consumer Protection Foundation.

Researchers for the group looked at 43 popular mobile health applications, 23 free and 20 paid, and almost evenly divided between the Apple and Android operating systems. Almost half of the free mobile apps studied used some form of third-party advertising, compared with only one paid app that did, the technical report said.

The apps using third-party advertising send usage data to as many as 10 or more different third-party advertisers in the first few minutes the app is in use. None of those apps used encryption with their transmissions, the report said. Even when sending personally identifiable information to the app developers, such as the user's name, e-mail address and geo location, only 53% of free apps and 44% of paid apps encrypted the data before sending it.

The bottom line? “Nearly three-fourths, or 72%, of the apps we assessed presented medium- to high risk regarding personal privacy,” the researchers said in a news release.

Beth Givens, director of the clearinghouse, said it's not surprising that that the paid apps were more privacy friendly than the free ones. “The free apps sell data to make money,” Givens said, “but the paid apps derive money from the sale of the apps.”

But for all of them, she counsels, let the buyer— and the free user—beware.

“First, decide how important it is to you to use these health and fitness apps,” Givens said. “You may decide you really want to use them and accept the consequences regarding your privacy. But if you are really concerned about privacy, you can look for the privacy policy and attempt to make sense of it." One warning, though: “It might be hand to read. Most are written by lawyers to reduce the liability risk of obtaining and using personal information.”

Can't find it on the app? Do a search on the name of the app and “privacy policy,” Givens suggests.

Also, Givens said, use your favorite search engine, type in the name of the application, and then the word “reviews” and “complaints.”

And, “Look for the contact information for the app's developer. Relatively few provide contact information,” she said, but, “It's good if they do, because it means the developer is willing to stand behind the app.”

Finally, she said, use good judgment. “Pay attention to the types of personal information you're being asked to provide and then ask yourself if you're comfortable providing that level of information,” she said.

The report also contains a “How To” guide for developers with tips on ways to create a mobile health app and still protect privacy.

Also this month, Illinois Attorney General Lisa Madigan announced she had written to several popular online healthcare websites, asking them to be more transparent with their privacy policies and their uses of customers' personal information.

Follow Joseph Conn on Twitter: @MHJConn


Loading Comments Loading comments...